Prolific Hacking Gang DieNet Presents A Serious Threat

Uploaded on 2025-05-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

DieNet is, a newly identified hacktivist group, has claimed more than 60 Distributed Denial-of-Service (DDoS) attacks, targeting critical infrastructure from US transit systems to Iraqi government websites. This group announced itself on March 7, 2025, via a now-banned Telegram channel.  DieNet’s targets include  transportation, energy, medical systems, and digital commerce. 

New research from Netscout has assessed that DieNet exploits DDoS-as-a-service infrastructure, shared with groups such as OverFlame and DenBots Proof, to launch ideologically driven attacks against targets the US, Iraq, Israel, Sweden and Egypt.

Although the group claims success, it is difficult to verify whether the attacks had any impact on the  targets. However, their scale and frequency expose the ease with which new actors can exploit rented infrastructure to launch their own DDoS campaigns.

Netscout's key findings include:  

  • Attack frequency: DieNet has claimed more than 60 attacks within less than two months of the group’s debut.
  • Preferred targets: The group targets critical infrastructure, particularly in the US and Iraq, both in the form of digital communications and in physical infrastructure such as transportation or energy.
  • Attack platform: DieNet likely employs rented, DDoS-as-a-service infrastructure shared by a number of threat actors. Observations of the usage of the infrastructure predate DieNet itself.

Since its initial announcement, DieNet has been consistently active, launching frequent DDoS attacks against key infrastructure in multiple countries and its activities have been promoted by other active threat groups including  Mr.Hamza, Sylhet Gang-SG, and LazaGrad Hack. 

DieNet’s targeting seems to be ideologically driven, targetting a range of industries, aimed at maximising visible disruptions by targeting key infrastructure. 

  • In the US, DieNet has targeted the Los Angeles Metropolitan Transportation Authority, Port of Los Angeles, and Chicago Transit Authority, as well as the North American Electric Reliability Corporation, and in Iraq, it has targeted the Ministry of Foreign Affairs. 
  • The group also has targeted large centres of digital commerce and communication, such as X, medical websites such as MediTech and Epic, the Internet Archive, NASDAQ, and other large e-commerce and software-as-a-service (SaaS) providers.

DieNet’s attacks are characterised by a mixture of attack vectors such as TCP RST, DNS amplification, TCP Syn and NTP amplification. Notably, the attack vectors seem to vary between targets. Analysis of the attack sources reveal no discernable pattern or cluster of devices that would indicate a single controlled botnet. 

In fact, some of the individual sources of attack traffic that DieNet attacks used have also been used by other threat groups. This highlights the growing threat of DDoS-as-a-service attacks because organisations such as DieNet can spin up and begin launching a flurry of attacks overnight, all without having to rely on capturing their own infrastructure.
Conclusion and Protection Recommendations  

DieNet’s rapid rise is a sign of the growing threat of DDoS as a service, enabling ideologically driven groups to disrupt critical infrastructure.

Without robust defences, such actors can paralyse essential systems with minimal effort. Netscout recommends that organisations adopt proactive measures, including real-time visibility, automated mitigation, and intelligence-driven defences. In aprticular:-

  • Real-time visibility into botnet behaviour and attack patterns. Tools such as Netscout Arbor Sightline can help surface early signs of trouble.
  • Proactive mitigation with automated systems such as Arbor TMS or Arbor AED. These can stop both volumetric floods and more-complex, multivector attacks.
  • Intelligence-driven defence with feeds such as Netscout’s AIF. These provide information about context, what’s trending, who’s being targeted, and how actors are evolving.

Staying ahead of threat actors is an ever-changing job and requires a broad view of where these attacks come from, how they operate, and where they could strike next.

Image:

You Might Also Read: 

Telecoms - Beware Of The DDoS Threat Actor:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« What Is An SPF Record For Email?
Reimagining Cybersecurity In The Age Of Organised Threats »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

Shadowserver Foundation

Shadowserver Foundation

Shadowserver Foundation aims to improve internet security by raising awareness of compromised servers, malicious attackers and the spread of malware.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Quick Heal Technologies

Quick Heal Technologies

Quick Heal Technologies is a leading IT security solutions provider focused on endpoint and network security solutions.

RunSafe Security

RunSafe Security

RunSafe Security is the pioneer of a patented cyberhardening transformation process designed to disrupt attackers and protect vulnerable embedded systems and devices.

Information and Communication Technology Authority (ICT Authority) - Kenya

Information and Communication Technology Authority (ICT Authority) - Kenya

The ICT Authority is responsible for enforcing ICT standards in Government and ensuring information security.

Zeguro

Zeguro

Zeguro provides complete cybersecurity risk assessment, mitigation and insurance, allowing you to easily manage your cyber risk.

Xilinx

Xilinx

Xilinx is the inventor of the FPGA, programmable SoCs, and now, the ACAP. We are building the Adaptable, Intelligent World.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Com Olho

Com Olho

Com Olho provides the measurement, analytics, quality assurance, and fraud protection technologies brands need for their business and customers.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

Palindrome Technologies

Palindrome Technologies

Palindrome Technologies help clients defend against cyberattacks across all attack surfaces, including hardware, software, network-to-cloud, people, and emerging technologies.