ApophisSquad & 4SPEC7 DDoS ProtonMail

ApophisSquad and 4SPEC7 DDoS ProtonMail. Potential risk to British business.

Target: ProtonMail, ProtonVPN as well as Radware and other DDoS mitigators.
Attack Vector: DDoS attack. SSDP and TCP SYN multi-vector observed.


Threat Actor: ApophisSquad and affiliated group 4SPEC7.
Summary: ApophisSquad has been observed continuing their already significant volume of activity, attacking multiple targets during June. This included hoax bomb threats in addition to attacks which appeared to primarily target British businesses. An affiliate of the group, possibly a subsidy and known as 4SPEC7, has also joined the group in attacking multiple targets with similar tactics. Of significance is the targeting of ProtonMail, an encrypted email service, with a DDoS attack. Further reports indicate the ProtonVPN service had also been affected by the attacks sustained for several hours and causing multiple outages of a few minutes at a time. Risk assessment summary: This threat is assessed as 3d MODERATE. The groups have historically been observed targeting British businesses and with this attack initially cited as a test, the likelihood of further DDoS campaigns are high. An attack would also likely target organisations in Britain as opposed to other nations, making the risk more relevant. This is likely due to the Russian links the group’s are alleged to hold, and the political fallout between the two nations. Businesses targeted are usually high-profile as the group continuously aims to achieve as much attention and recognition as possible. In June, the threat actors demonstrated their capability to deliver enormous attacks, using multiple variants of the DDoS attack vector, revealing the ability to customise attacks to achieve the greatest possible damage.