The attackers have been identified as the same hacker group mentioned in an Akamai report published on August 17, last week.
The group uses names like Armada Collective and Fancy Bear — both borrowed from more famous hacker groups — to email companies and threaten DDoS attacks that can cripple operations and incur huge downtime and financial costs for the targets unless the victims pay a huge ransom demand in Bitcoin.
Such attacks are called "DDoS extortions" or "DDoS-for-Bitcoin" and were first seen in the summer of 2016.
Over the past years, such attacks have come and gone. Some DDoS extortionist groups delivered on their threats and attacked victims, but the vast majority of these extortion attempts amounted to empty threats.
However, the group active this month is one of the most dangerous seen since the beginning of this trend in 2016.
Some attacks peaked at 200 Gb/sec
In an update to its report added this Monday, on August 24, Akamai confirmed that the group launched complex DDoS attacks that, in some cases, peaked at almost 200 Gb/sec.
Our source, who requested anonymity for this article due to ongoing business relations, also confirmed that some of the attacks launched this week reached 50 to 60 Gb/sec.
The source also described the group as having "above-average DDoS skills."
While previous DDoS extortionists would often target their victims' public websites, this new group has repeatedly targeted backend infrastructure, API endpoints, and DNS servers -- which explains why some of the DDoS attacks this week have resulted in severe and prolonged outages at some of their targets.
Furthermore, the group also showed its sophistication by often changing the protocols that were abused for the DDoS attacks, keeping defenders on their toes as to how the next attack would take place, and the protections they needed to roll out.
DDoS mitigation providers recommend that companies not give in to these types of extortion attempts and, instead of paying the attackers, reach out and contract their services.