New DDoS-as-a-Service platform (DDoSaaS) called “Passion” has been used in recent attacks on medical institutions in the USA and Europe.

Researchers of the information security company Radware discovered Passion platform, and although its origin is unknown, they attribute the attacks to Russian hacker groups kill net , MIRAI Venom and Anonymous Russia (included in kill net).

The Passion service was used on January 27 in attacks on medical facilities in the United States, Portugal, Spain, Germany, Poland, Finland, Norway, the Netherlands and the United Kingdom in response to sending tanks in support of Ukraine. Passion DDoS platform operators first launched their service in early January 2023, defaced several sites of Japanese and South African organizations.

Deface one of the sites

The service works on a subscription basis, where customers can choose the attack vector, its duration and intensity. Passion offers 10 attack vectors to choose from, allowing subscribers to customize their attack patterns and even combine vectors to bypass defenses.

Supported attack methods:

• HTTP Raw;
• Crypto;
• UAM Browser;
• HTTPS Mix;
• browser;
• bypass;
• DNS L4;
• Mixamp L4;
• OVH-TCP L4;
• TCP Kill L4.

The service works on a subscription basis: 7 days costs $30, a month – $120, and a year – $1440. You can pay via Bitcoin, Tether and QIWI payment system. Passion uses the Dstat.cc service to demonstrate its capabilities and effectiveness of L4 and L7 attacks against DDoS protection providers such as CloudFlare and Google Shield.

Passion power demo at Dstat.cc

Recall that in October 2022, a crowdsourcing project was launched called “ DDOSIA ”, under which volunteers who participated in DDoS attacks are paid amounts depending on the capacities that a particular participant provides. Passion is becoming another significant asset in the thriving DDoS attack industry, which increases the problem for organizations around the world that are victims of such attacks.