Prolific Hacking Gang DieNet Presents A Serious Threat

Uploaded on 2025-05-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

DieNet is, a newly identified hacktivist group, has claimed more than 60 Distributed Denial-of-Service (DDoS) attacks, targeting critical infrastructure from US transit systems to Iraqi government websites. This group announced itself on March 7, 2025, via a now-banned Telegram channel.  DieNet’s targets include  transportation, energy, medical systems, and digital commerce. 

New research from Netscout has assessed that DieNet exploits DDoS-as-a-service infrastructure, shared with groups such as OverFlame and DenBots Proof, to launch ideologically driven attacks against targets the US, Iraq, Israel, Sweden and Egypt.

Although the group claims success, it is difficult to verify whether the attacks had any impact on the  targets. However, their scale and frequency expose the ease with which new actors can exploit rented infrastructure to launch their own DDoS campaigns.

Netscout's key findings include:  

  • Attack frequency: DieNet has claimed more than 60 attacks within less than two months of the group’s debut.
  • Preferred targets: The group targets critical infrastructure, particularly in the US and Iraq, both in the form of digital communications and in physical infrastructure such as transportation or energy.
  • Attack platform: DieNet likely employs rented, DDoS-as-a-service infrastructure shared by a number of threat actors. Observations of the usage of the infrastructure predate DieNet itself.

Since its initial announcement, DieNet has been consistently active, launching frequent DDoS attacks against key infrastructure in multiple countries and its activities have been promoted by other active threat groups including  Mr.Hamza, Sylhet Gang-SG, and LazaGrad Hack. 

DieNet’s targeting seems to be ideologically driven, targetting a range of industries, aimed at maximising visible disruptions by targeting key infrastructure. 

  • In the US, DieNet has targeted the Los Angeles Metropolitan Transportation Authority, Port of Los Angeles, and Chicago Transit Authority, as well as the North American Electric Reliability Corporation, and in Iraq, it has targeted the Ministry of Foreign Affairs. 
  • The group also has targeted large centres of digital commerce and communication, such as X, medical websites such as MediTech and Epic, the Internet Archive, NASDAQ, and other large e-commerce and software-as-a-service (SaaS) providers.

DieNet’s attacks are characterised by a mixture of attack vectors such as TCP RST, DNS amplification, TCP Syn and NTP amplification. Notably, the attack vectors seem to vary between targets. Analysis of the attack sources reveal no discernable pattern or cluster of devices that would indicate a single controlled botnet. 

In fact, some of the individual sources of attack traffic that DieNet attacks used have also been used by other threat groups. This highlights the growing threat of DDoS-as-a-service attacks because organisations such as DieNet can spin up and begin launching a flurry of attacks overnight, all without having to rely on capturing their own infrastructure.
Conclusion and Protection Recommendations  

DieNet’s rapid rise is a sign of the growing threat of DDoS as a service, enabling ideologically driven groups to disrupt critical infrastructure.

Without robust defences, such actors can paralyse essential systems with minimal effort. Netscout recommends that organisations adopt proactive measures, including real-time visibility, automated mitigation, and intelligence-driven defences. In aprticular:-

  • Real-time visibility into botnet behaviour and attack patterns. Tools such as Netscout Arbor Sightline can help surface early signs of trouble.
  • Proactive mitigation with automated systems such as Arbor TMS or Arbor AED. These can stop both volumetric floods and more-complex, multivector attacks.
  • Intelligence-driven defence with feeds such as Netscout’s AIF. These provide information about context, what’s trending, who’s being targeted, and how actors are evolving.

Staying ahead of threat actors is an ever-changing job and requires a broad view of where these attacks come from, how they operate, and where they could strike next.

Image:

You Might Also Read: 

Telecoms - Beware Of The DDoS Threat Actor:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« What Is An SPF Record For Email?
Reimagining Cybersecurity In The Age Of Organised Threats »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Trusted Computing Group

Trusted Computing Group

TCG was formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.

The ai Corporation

The ai Corporation

The ai Enterprise Fraud Solution is an on-prem or cloud-based self-service, machine learning fraud detection and prevention tool set.

Blaze Information Security

Blaze Information Security

Blaze Information Security is a privately held, independent information security firm born from years of combined experience and international presence.

Verodin

Verodin

Verodin is a business platform that provides organizations with the evidence needed to measure, manage and improve their cybersecurity effectiveness.

Cycode

Cycode

Cycode is the industry’s first source code control, detection, and response platform.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

Geobridge

Geobridge

Geobridge was one of the first information security solutions providers to support cryptography and payment applications for payment processors, financial institutions and retail organizations.

SFY Information Technology

SFY Information Technology

SFY helps companies with Cyber Security and Managed IT, allowing them to focus on what really matters to them.