It's no secret that all is fair in love and war. Tanuki, a restaurant network, found this out the hard way in autumn 2021. On August 29th, Vladislav Pozdnyakov, the founder of the “Male State” movement, declared war in his Telegram channel on all restaurants operating under the Tanuki brand. The spark that set off the fire was a set of ad pictures of a black male model holding a rainbow flag that Tanuki had published on Instagram. The activist threatened to bring their business to a standstill if the company didn't delete the pictures and apologize “to the nation”.
The company’s representatives refused to give in to the threat and stated that “their plans did not include deleting pictures and making apologies”, as all accusations were groundless, even from the standpoint of Russian legislation.
After Tanuki had refused to comply, a campaign of mass bullying and trolling was launched. There were false calls to law enforcement about bombs at restaurants; the activists set up spam attacks, ordered delivery to non-existent addresses, and placed orders and then refused to pay, imitating bot activity. The cherry on top was a series of DDoS attacks on Tanuki’s website and apps after Vladislav Pozdnyakov, the nationalist movement leader, had encouraged his Telegram followers to fund further attacks.
From August 29th through September 13th, the list of blocked IP addresses exceeded the 5 thousand threshold 15 times; in 9 cases more than 19 thousand IP addresses were blocked. Even between the peaks, the number of blocked addresses rarely dropped below 400*. At least seven attempts were made to exhaust channel capacity with amplification attacks, the most powerful of which was over 77.9 Gbps.
* The source IP was blacklisted; addresses on the blacklist cannot access the web resource.
Detailed timeline of the first attacks
The first attack started at 15:00 on August 29th; it didn't have any significant impact until 19:42, when the volume of incoming traffic started to grow exponentially and the attack reached 7.08 Gbps at its peak. All of these were requests for the main page from multiple IP addresses. 21.72 thousand IP addresses had been blocked by 19:46. There were fresh attempts to attack the website at 20:11 and 21:19 (the peak periods for online orders), but as the services' traffic was being automatically filtered by the Qrator Labs network, the assaults had hardly any impact on the resource’s availability, while extending the blacklist to 30.2 thousand addresses at its maximum.
Around 9 a.m. on August 30th, Vladislav Pozdnyakov published detailed instructions for the attackers in his Telegram channel. The attack started at around 14:40 and was followed by the third wave of attacks, the longest one, lasting 630 minutes. During a short break between the second and third waves, the attackers made one of the most massive attempts to exhaust the channel capacity, with incoming traffic at 77.9 Gbps, but at the peak of the attack the Qrator Labs network passed only 3.84 Mbps at most, which had no effect on the protected resource at all.
As a rule, the intruders used different proxy servers during the attacks, so the top addresses during most attacks were from Brazil, Indonesia, Iran and India.
On September 13th, the “Male State” Telegram channel published its last call to attack Tanuki. Even though DDoS attacks were no longer coordinated via Telegram chat after that date, they didn’t actually stop. There were another 6 attacks before December 1st; more than 5 thousand IP addresses were blocked during each of them.
Curiously enough, September 28th witnessed the most intense attack of the entire "Internet war", but, unlike the others, it was not accompanied by an increase in traffic from the RU segment, so we can assume that this attack was not "Male State"-related or was ordered by one of its members without coordination with the other participants. The attack lasted 260 minutes, around 33,700 addresses were blocked, and the rate of incoming traffic was 132.85 Gbps at its peak.
On October 18th, 2021, the Nizhegorodskiy district court found “Male State” to be an extremist organization, thus banning its activity across Russia. Now Tanuki is attempting to claim damages through the legal system.
“The Qrator Labs network has helped us maintain a high level of customer service during the “Male State” attacks. We are grateful for our partner’s support. Qrator Labs specialists were always available, the attacks were quickly mitigated and hardly had any effect on our services, although we did experience massive waves of DDoS attacks. The attacks gave us an opportunity to update our web infrastructure and our tech team gained extensive experience. It will help us ensure sustainable development and reliability of Tanuki’s services, and next time we will be well-prepared for such events no matter what scale. It’s a worthwhile experience for us and we are ready to share our knowledge with those who face such issues,” commented Ilya Silinevich, Chief Technology Officer of “TanukiTech”.
After the happy ending of the conflict with “Male State”, the Tanuki team decided to subscribe to another Qrator Labs service rather than limit themselves to DDoS protection. At the moment the company is implementing and testing the Bot Protection product. Previously, the Qrator Labs support service helped Tanuki combat bot activity, including malicious activity not originating from DDoS attacks, when attackers simulated bot activity on the website by putting products in the cart and abandoning them. Now the company's website and mobile application will proactively filter bot traffic with the help of the Qrator Bot Protection solution.