Akamai researchers disclosed that one of its clients in the hospitality sector has been impacted by a distributed denial-of-service attack
launched by threat actors purporting to be related to the REvil ransomware gang, which was believed to be dismantled following the arrest of several of its members in January, reports TechRepublic
Attackers have launched a coordinated attack involving the use of several HTTP/2 GET requests against the Akamai customer, which prompted site traffic to reach up to 15kRps. Akamai's Security Intelligence Response Team was notified about the intrusion on May 12, with researchers noting that the tactics leveraged in the attack aligned with techniques previously used by REvil. However, attributing the campaign to REvil or a mere copycat has been challenging, according to Akamai SIRT Engineer Chad Seaman. "This campaign compared to previously reported campaigns does have different traits that would suggest it isnt the same group that launched the previously documented REvil attacks, but it's hard to tell if those were even truly REvil to be honest," Seaman said.