Researchers warn that the Fronton botnet was used by Russia-linked threat actors for coordinated disinformation campaigns.
Fronton is a distributed denial-of-service (DDoS) botnet that was used by Russia-linked threat actors for coordinated disinformation campaigns.
In March 2020, the collective of hacktivists called “Digital Revolution” claimed to have hacked a subcontractor to the Russian FSB. The group released sensitive documents and contracts about an IoT botnet, codename Fronton, built by the contractor 0day Technologies. The botnet was developed to conduct DDoS attacks, but further analysis revealed that it could be used to coordinate large-scale disinformation campaigns, mimiking the behavior of a large audience online.
“Nisos research focused on the distribution of the numerous content types. This release noted that DDoS “is only one of the many capabilities of the system.” Nisos analyzed the data and determined that Fronton is a system developed for coordinated inauthentic behavior on a massive scale.” reads the analysis published by the security firm NISOS.
The botnet provides a web-based dashboard known as SANA that allows operators to spread trending social media events, called ‘newsbreaks,’ en masse. SANA allows operators to create and manage fake social media persona accounts.
“Two example lists of posting source dictionaries were included in the data. One, involving comments around a squirrel statue in Almaty, Kazakhstan may have affected the reporting on a BBC story. As of April 2022, 0day technologies has changed its domain from 0day[.]ru to 0day[.]llc. An instance of the SANA system appears to be up at https://sana.0day[.]llc .