Prolific Hacking Gang DieNet Presents A Serious Threat

DieNet is, a newly identified hacktivist group, has claimed more than 60 Distributed Denial-of-Service (DDoS) attacks, targeting critical infrastructure from US transit systems to Iraqi government websites. This group announced itself on March 7, 2025, via a now-banned Telegram channel.  DieNet’s targets include  transportation, energy, medical systems, and digital commerce. 

New research from Netscout has assessed that DieNet exploits DDoS-as-a-service infrastructure, shared with groups such as OverFlame and DenBots Proof, to launch ideologically driven attacks against targets the US, Iraq, Israel, Sweden and Egypt.

Although the group claims success, it is difficult to verify whether the attacks had any impact on the  targets. However, their scale and frequency expose the ease with which new actors can exploit rented infrastructure to launch their own DDoS campaigns.

Netscout's key findings include:  

  • Attack frequency: DieNet has claimed more than 60 attacks within less than two months of the group’s debut.
  • Preferred targets: The group targets critical infrastructure, particularly in the US and Iraq, both in the form of digital communications and in physical infrastructure such as transportation or energy.
  • Attack platform: DieNet likely employs rented, DDoS-as-a-service infrastructure shared by a number of threat actors. Observations of the usage of the infrastructure predate DieNet itself.

Since its initial announcement, DieNet has been consistently active, launching frequent DDoS attacks against key infrastructure in multiple countries and its activities have been promoted by other active threat groups including  Mr.Hamza, Sylhet Gang-SG, and LazaGrad Hack. 

DieNet’s targeting seems to be ideologically driven, targetting a range of industries, aimed at maximising visible disruptions by targeting key infrastructure. 

  • In the US, DieNet has targeted the Los Angeles Metropolitan Transportation Authority, Port of Los Angeles, and Chicago Transit Authority, as well as the North American Electric Reliability Corporation, and in Iraq, it has targeted the Ministry of Foreign Affairs. 
  • The group also has targeted large centres of digital commerce and communication, such as X, medical websites such as MediTech and Epic, the Internet Archive, NASDAQ, and other large e-commerce and software-as-a-service (SaaS) providers.

DieNet’s attacks are characterised by a mixture of attack vectors such as TCP RST, DNS amplification, TCP Syn and NTP amplification. Notably, the attack vectors seem to vary between targets. Analysis of the attack sources reveal no discernable pattern or cluster of devices that would indicate a single controlled botnet. 

In fact, some of the individual sources of attack traffic that DieNet attacks used have also been used by other threat groups. This highlights the growing threat of DDoS-as-a-service attacks because organisations such as DieNet can spin up and begin launching a flurry of attacks overnight, all without having to rely on capturing their own infrastructure.
Conclusion and Protection Recommendations  

DieNet’s rapid rise is a sign of the growing threat of DDoS as a service, enabling ideologically driven groups to disrupt critical infrastructure.

Without robust defences, such actors can paralyse essential systems with minimal effort. Netscout recommends that organisations adopt proactive measures, including real-time visibility, automated mitigation, and intelligence-driven defences. In aprticular:-

  • Real-time visibility into botnet behaviour and attack patterns. Tools such as Netscout Arbor Sightline can help surface early signs of trouble.
  • Proactive mitigation with automated systems such as Arbor TMS or Arbor AED. These can stop both volumetric floods and more-complex, multivector attacks.
  • Intelligence-driven defence with feeds such as Netscout’s AIF. These provide information about context, what’s trending, who’s being targeted, and how actors are evolving.

Staying ahead of threat actors is an ever-changing job and requires a broad view of where these attacks come from, how they operate, and where they could strike next.

Image:

You Might Also Read: 

Telecoms - Beware Of The DDoS Threat Actor:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« What Is An SPF Record For Email?
Reimagining Cybersecurity In The Age Of Organised Threats »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

Malware Patrol

Malware Patrol

Malware Patrol provides intelligent threat data that protects against cyber attacks.

Westminster Insight - Cyber Security Conference

Westminster Insight - Cyber Security Conference

Join colleagues this December for Westminster Insight’s Cyber Security Conference, as you’ll assess how new technologies such as AI can secure your organisation against future threats.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

InterGuard

InterGuard

As the pioneer for Unified Insider Threat Prevention and productivity monitoring tools, InterGuard offers on premise and SaaS-based services that are easily available and affordable.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

International Association of Security Awareness Professionals (IASAP)

International Association of Security Awareness Professionals (IASAP)

IASAP provides a members-only virtual sharing platform where security awareness professionals engage in a lively, year-round exchange of information and ideas.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

Primus Institute of Technology

Primus Institute of Technology

At Primus Institute of Technology our mission is to inspire, support, and empower current and aspiring IT professionals through training and career development workshops.

Acronis

Acronis

At Acronis, we protect the data, applications, systems and productivity of every organization – safeguarding them against cyberattacks, hardware failures, natural disasters and human errors.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.

Nexsan

Nexsan

Nexsan offers versatile and robust data storage solutions tailored to adapt seamlessly across a diverse range of sectors, ensuring reliable performance for critical data management.