Mysterious “LOVE” packet storms flood the internet since 2020

Mysterious

September 19, 2024 at 10:02AM

Internet intelligence firm GreyNoise has been tracking large waves of “Noise Storms” since January 2020, suspected to be covert communications, DDoS attack signals, or malware channels. These storms involve spoofed internet traffic and display peculiar characteristics, such as the presence of “LOVE” ASCII string in ICMP packets. GreyNoise seeks cybersecurity researchers’ assistance in solving this mystery.

From the meeting notes provided, it is clear that GreyNoise, an internet intelligence firm, has been tracking and analyzing large waves of “Noise Storms” that contain spoofed internet traffic. The purpose and origin of these Noise Storms, suspected to be covert communications or cyber attacks, remain unknown despite extensive analysis.

Key characteristics of these Noise Storms include millions of spoofed IP addresses from sources such as QQ, WeChat, and WePay, and massive traffic directed at specific internet service providers while avoiding others. Notably, there is also an “LOVE” ASCII string embedded in the generated ICMP packets, adding intrigue to the situation.

These Noise Storms mimic legitimate data streams, which makes it unclear whether they are malicious. GreyNoise has published packet captures for recent events, calling for cybersecurity researchers to join the investigation and contribute insights to help solve the mystery.

In conclusion, these Noise Storms indicate deliberate efforts by knowledgeable actors rather than large-scale misconfigurations. The unique characteristics of these events highlight the need for adaptive strategies and tools beyond traditional security measures.

Please let me know if you need any further information or assistance.

Full Article