SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

by Cyber360 News
April 28, 2020
in Security
Timetv.live is the latest Azeri news site targeted by Denial of Service (DDoS) attacks launched by the Sandman threat actor; the attack took place on March 21, 2020.

Timetv.live is the latest Azeri news site targeted by Denial of Service attacks. On March 21, the website received a Denial of Service attack after publishing an article about Mubariz Mansimov, a businessman who has been imprisoned and claims that his arrest was ordered by Rovnag Abdullayev, head of SOCAR (State Oil Company of Azerbaijan), and his cousin Anar Alizade. This report focuses on the forensics of the attack in an attempt to attribute it.


After reviewing the attack logs of the Denial of Service, Qurium could quickly determine that the attacker was using the Fineproxy VPN service to build a botnet to flood the website. Fineproxy provides access to thousands of proxies registered in the name of several associated companies such as Region40, Silverstar and Blockchain Solutions.

Although Fineproxy management claims that their business does not support Denial of Service attacks and that “they block them immediately”, this is the fourth time in the last twelve months that Qurium has mitigated attacks coming from Fineproxy’s infrastructure. The attacks last for hours and there are no signs that Fineproxy stops this kind of abuse.

Just like many other DDoS attacks we have seen in the past against Azeri media, the attacker monitors the success of the floods using the HostTracker service.

Sandman behind the attacks

Reviewing the logs, we could see IP address 134.19.217{.}249 visiting the website days before the attacks and performing “vulnerability” scans against it. This IP address is associated with a threat actor known as Sandman, working in the Ministry of Interior of Azerbaijan and focused on targeting activists and independent media.

Sandman testing the results of WPScan from the office.
134.19.217.249 - - [17/Mar/2020:06:58:17 -0400] "GET / HTTP/1.1" 200 86081 "http://timetv.live/" "WPScan v2.9.4-dev (http://wpscan.org)"

On March 18th, the IP address 134.19.217.249 requested the picture /wp-content/uploads/2020/01/C016DA7E-EBEA-4B14-8AE4-C17BF0FA36EC.jpeg from the timetv.live website by clicking on a link in a spreadsheet, with the User Agent “Mozilla/4.0 (compatible; ms-office; MSOffice 16)”.

The picture visited by “Sandman” from his spreadsheet belonged to an article published on January 24, 2020.
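The pre-attack reconnaissance described above (a scanner user agent, then an Office client fetching an article image days before the flood) is the kind of pattern a site operator can pull out of ordinary web server logs. The following is an added example, not code from Qurium's report or the Security Affairs article: a small parser for the Apache/nginx "combined" log format that tags requests by user agent and reports which client addresses showed reconnaissance-like behaviour before a given attack date. The first sample log line is the one quoted on this page; the remaining lines, the addresses 198.51.100.7 and 203.0.113.5 (documentation ranges), and the exact timestamps are constructed for the example, and the attack start date is taken from the text.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format:
# ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Substrings that identify well-known scanning tools in the User-Agent header.
SCANNER_UA_MARKERS = ("WPScan", "sqlmap", "Nikto")

# Office applications fetching web resources: a document link was clicked
# rather than a page viewed in a browser, as in the spreadsheet case above.
OFFICE_UA_MARKERS = ("ms-office", "MSOffice")

# Constructed sample log. Only the first line is quoted from the page; the
# others are made up for this example (timestamps, 198.51.100.7, 203.0.113.5).
SAMPLE_LOG = [
    '134.19.217.249 - - [17/Mar/2020:06:58:17 -0400] "GET / HTTP/1.1" 200 86081 '
    '"http://timetv.live/" "WPScan v2.9.4-dev (http://wpscan.org)"',
    '134.19.217.249 - - [18/Mar/2020:04:12:03 -0400] "GET /wp-content/uploads/2020/01/'
    'C016DA7E-EBEA-4B14-8AE4-C17BF0FA36EC.jpeg HTTP/1.1" 200 51234 "-" '
    '"Mozilla/4.0 (compatible; ms-office; MSOffice 16)"',
    '198.51.100.7 - - [18/Mar/2020:09:30:41 -0400] "GET /news/ HTTP/1.1" 200 40211 '
    '"https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/74.0"',
    '203.0.113.5 - - [22/Mar/2020:01:00:00 -0400] "GET / HTTP/1.1" 200 86081 '
    '"-" "WPScan v3.7.8 (https://wpscan.org/)"',
]

# Attack date from the text (March 21, 2020); the server's log offset is -0400.
ATTACK_START = datetime(2020, 3, 21, tzinfo=timezone(timedelta(hours=-4)))


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def classify(rec):
    """Return the list of behaviour tags that apply to a parsed request."""
    ua = rec["ua"]
    tags = []
    if any(marker in ua for marker in SCANNER_UA_MARKERS):
        tags.append("scanner")
    if any(marker in ua for marker in OFFICE_UA_MARKERS):
        tags.append("office-client")
    return tags


def find_reconnaissance(lines, attack_start):
    """Map each client IP to the sorted tags seen on its requests made before attack_start.

    Clients with no tagged requests are omitted, as are requests at or after
    the attack start, so the result is the set of addresses worth reviewing
    as possible pre-attack reconnaissance.
    """
    findings = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["time"] >= attack_start:
            continue
        for tag in classify(rec):
            findings[rec["ip"]].add(tag)
    return {ip: sorted(tags) for ip, tags in findings.items()}


def report():
    """Run the check over the constructed sample log."""
    return find_reconnaissance(SAMPLE_LOG, ATTACK_START)


if __name__ == "__main__":
    for ip, tags in report().items():
        print(f"{ip}: {', '.join(tags)}")
```

On the sample log the only address flagged is 134.19.217.249, tagged both as a scanner (the WPScan line) and as an Office client (the image fetched from the spreadsheet); the ordinary browser visitor is not reported, and the scanner seen on March 22 is ignored because it falls after the attack start. In practice the marker lists are the part to extend, and the time window should be taken from when the flood was first observed rather than a calendar day.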

CERT.AZ asked for content removal

Since late February 2020, the editor of TimeTV has been subject to harassment by the authorities. The outlet received threats if content was not removed from the news site or the organization’s Facebook page.

The threats included blocking the website in the country or incarcerating members of the family or opposition activists. Some of these threats came from an anonymous account on Facebook, and two messages were received via WhatsApp.

On February 24th, the Ministry of Transport, Communications and High Technologies via their National CERT (cert.az) sent a mail to Fikret Huseynli, editor of TimeTV. The CERT kindly asked for the removal of an article by TimeTV’s journalist Elxan Huseynov about the Minister of communications, Ramin Guluzade. The CERT requested the content removal based on Article 13-2.3.9 of the Law “On information, informing and protection of information”.

According to Article 13.3 of the Law of the Republic of Azerbaijan “On information, informatization and protection of information”, if the relevant information is not taken from the Internet information resources within 8 hours after the warning, restrictions will be imposed on the site and the matter will be appealed to the court.

Article requested to be removed.

Conclusion

Our forensics investigation concludes that “Sandman”, the mysterious cyber-attacker working in the Ministry of Interior of Azerbaijan and targeting activists and independent media, used the Fineproxy VPN service to launch a Denial of Service attack against TimeTV.

One week before the events, the National CERT contacted the site editor to ask for the content removal of an article related to the Minister of Communications Ramin Guluzade. Additionally, anonymous messages were sent to TimeTV via Facebook and WhatsApp days before the cyberattacks.

This article was originally published in Qurium’s forensics report: Sandman and Fineproxy behind the DDoS Attacks against TimeTV.Live

Pierluigi Paganini

(SecurityAffairs – Sandman, DDoS)
