An investigation into the Fronton botnet has revealed far more than the ability to perform DDoS attacks, with the exposure of coordinated inauthentic behavior “on a massive scale.”
On Thursday, cybersecurity firm Nisos published new research revealing the inner workings of the unusual botnet.
Fronton first hit the headlines back in 2020 when ZDNet reported that a hacktivist group claimed to have broken into a contractor for the FSB, Russia’s intelligence service, and published technical documents appearing to show the construction of the IoT botnet on the intelligence service’s behalf.
At the time, it was thought that the botnet was destined to perform distributed denial-of-service (DDoS) attacks on a vast scale. However, after analyzing further documents related to Fronton, Nisos believes that DDoS attacks are only one of many capabilities.
Instead, Nisos says Fronton is “a system developed for coordinated inauthentic behavior,” and the implementation of particular software, dubbed SANA, shows that the botnet’s true purpose could be for misinformation and the spread of propaganda rapidly and automatic fashion.
SANA consists of a web-based dashboard and a variety of functions, including:
Newsbreaks: tracks messages, trends, and their responses Groups: bot management Behavior Models: