Prolific Hacking Gang DieNet Presents A Serious Threat
DieNet, a newly identified hacktivist group, has claimed more than 60 Distributed Denial-of-Service (DDoS) attacks, targeting critical infrastructure from US transit systems to Iraqi government websites. The group announced itself on March 7, 2025, via a now-banned Telegram channel. DieNet’s targets include transportation, energy, medical systems, and digital commerce.
New research from Netscout has assessed that DieNet exploits DDoS-as-a-service infrastructure, shared with groups such as OverFlame and DenBots Proof, to launch ideologically driven attacks against targets in the US, Iraq, Israel, Sweden and Egypt.
Although the group claims success, it is difficult to verify whether the attacks had any impact on the targets. However, their scale and frequency expose the ease with which new actors can exploit rented infrastructure to launch their own DDoS campaigns.
Netscout's key findings include:
- Attack frequency: DieNet has claimed more than 60 attacks within less than two months of the group’s debut.
- Preferred targets: The group targets critical infrastructure, particularly in the US and Iraq, both in the form of digital communications and in physical infrastructure such as transportation or energy.
- Attack platform: DieNet likely employs rented, DDoS-as-a-service infrastructure shared by a number of threat actors. Observations of the usage of the infrastructure predate DieNet itself.
Since its initial announcement, DieNet has been consistently active, launching frequent DDoS attacks against key infrastructure in multiple countries. Its activities have been promoted by other active threat groups, including Mr.Hamza, Sylhet Gang-SG, and LazaGrad Hack.
DieNet’s targeting seems to be ideologically driven, spanning a range of industries and aimed at maximising visible disruption by hitting key infrastructure.
- In the US, DieNet has targeted the Los Angeles Metropolitan Transportation Authority, Port of Los Angeles, and Chicago Transit Authority, as well as the North American Electric Reliability Corporation, and in Iraq, it has targeted the Ministry of Foreign Affairs.
- The group also has targeted large centres of digital commerce and communication, such as X, medical websites such as MediTech and Epic, the Internet Archive, NASDAQ, and other large e-commerce and software-as-a-service (SaaS) providers.
DieNet’s attacks are characterised by a mixture of attack vectors such as TCP RST, DNS amplification, TCP SYN and NTP amplification. Notably, the attack vectors seem to vary between targets. Analysis of the attack sources reveals no discernible pattern or cluster of devices that would indicate a single controlled botnet.
In fact, some of the individual sources of attack traffic that DieNet attacks used have also been used by other threat groups. This highlights the growing threat of DDoS-as-a-service attacks because organisations such as DieNet can spin up and begin launching a flurry of attacks overnight, all without having to rely on capturing their own infrastructure.
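For defenders, the vector mix described above can be surfaced from ordinary flow telemetry. The following is an added example, not code from Netscout or the original article: it labels inbound flow records with the four vectors named in the report and flags targets hit by more than one. The field names, thresholds and sample flows are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune against your own traffic baseline.
MIN_AMP_PKT_BYTES = {53: 512, 123: 200}   # UDP source port -> min avg reply size
VECTOR_BY_PORT = {53: "dns_amplification", 123: "ntp_amplification"}
FLOOD_PACKETS = 10_000                     # packets per vector per time window
SYN, RST, ACK = 0x02, 0x04, 0x10           # TCP flag bits

def classify(flow):
    """Map one inbound flow record to a vector label, or None."""
    if flow["proto"] == "udp" and flow["src_port"] in VECTOR_BY_PORT:
        # Reflected replies arrive FROM port 53/123 and are unusually large.
        avg = flow["bytes"] / max(flow["packets"], 1)
        if avg >= MIN_AMP_PKT_BYTES[flow["src_port"]]:
            return VECTOR_BY_PORT[flow["src_port"]]
    elif flow["proto"] == "tcp":
        flags = flow["tcp_flags"]          # OR of flags seen across the flow
        if flags & RST:
            return "tcp_rst"
        if (flags & SYN) and not (flags & ACK):
            return "tcp_syn"
    return None

def summarize(flows):
    """Per target: vectors whose packet count crosses the flood threshold."""
    packets = defaultdict(Counter)
    for f in flows:
        vector = classify(f)
        if vector:
            packets[f["dst"]][vector] += f["packets"]
    report = {}
    for dst, counts in packets.items():
        hot = sorted(v for v, n in counts.items() if n >= FLOOD_PACKETS)
        if hot:
            report[dst] = {"vectors": hot, "multivector": len(hot) > 1}
    return report

# Constructed sample flows (documentation address ranges, not real traffic).
def flow_record(src, dst, proto, sport, flags, pkts, size):
    return {"src": src, "dst": dst, "proto": proto, "src_port": sport,
            "tcp_flags": flags, "packets": pkts, "bytes": pkts * size}

SAMPLE = [
    flow_record("198.51.100.7", "192.0.2.10", "udp", 53, 0, 8000, 1400),
    flow_record("198.51.100.9", "192.0.2.10", "udp", 53, 0, 6000, 1200),
    flow_record("203.0.113.4", "192.0.2.10", "tcp", 40000, SYN, 20000, 60),
    flow_record("203.0.113.5", "192.0.2.20", "tcp", 40001, RST, 15000, 54),
    flow_record("203.0.113.6", "192.0.2.20", "udp", 123, 0, 500, 76),  # normal NTP
    flow_record("203.0.113.8", "192.0.2.30", "tcp", 443, SYN | ACK, 50000, 60),
]
```

Calling `summarize(SAMPLE)` reports a DNS amplification plus SYN mix against the first target and a single RST vector against the second, while the normal-size NTP and SYN-ACK flows are ignored.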
Conclusion and Protection Recommendations
DieNet’s rapid rise is a sign of the growing threat of DDoS as a service, enabling ideologically driven groups to disrupt critical infrastructure.
Without robust defences, such actors can paralyse essential systems with minimal effort. Netscout recommends that organisations adopt proactive measures, including real-time visibility, automated mitigation, and intelligence-driven defences. In particular:
- Real-time visibility into botnet behaviour and attack patterns. Tools such as Netscout Arbor Sightline can help surface early signs of trouble.
- Proactive mitigation with automated systems such as Arbor TMS or Arbor AED. These can stop both volumetric floods and more-complex, multivector attacks.
- Intelligence-driven defence with feeds such as Netscout’s AIF. These provide information about context, what’s trending, who’s being targeted, and how actors are evolving.
Staying ahead of threat actors is an ever-changing job and requires a broad view of where these attacks come from, how they operate, and where they could strike next.