A hacker or hacker collective appears to be impersonating other notorious hacker groups in an effort to keep profiting from its fake DDoS scam. On 27 April, IBTimes UK reported on a hacker group claiming to be the Armada Collective that pocketed around $100,000 (£68,628) by delivering fake DDoS ransom threats to companies. The group now appears to be posing as Lizard Squad in an effort to continue the hoax.
Just days after the hacker group was outed by security firm CloudFlare, the rogue entity is back at work, sending companies fresh emails that threaten DDoS attacks unless they pay up. This time, however, the threat comes in the name of Lizard Squad, the hacker group that gained notoriety in 2014 when it shut down PlayStation and Xbox servers as part of its Christmas cyberattack.
CloudFlare's Justin Paine wrote in a company blog: "Beginning late Thursday evening (Pacific Standard Time) several CloudFlare customers began to receive threatening emails from a 'new' group calling itself the 'Lizard Squad'. These emails have a similar modus operandi to the previous ransom emails. Similar to the group claiming to be the 'Armada Collective', there is a general consensus within the security community that this group claiming to be the 'Lizard Squad' is not in fact actually the group they claim to be. This is another copycat."
Although the hacker group has been sending out authentic-sounding email threats, it has yet to follow through on any of them. Instead, the cybercriminals seem to be banking on the notoriety of the hacker collectives they are posing as, even actively encouraging victims to Google them, all in an effort to scare the victims into making payments.
In all fairness, the ruse seems to have worked well for them, given the thousands of dollars they have already stolen from unsuspecting people.
According to CloudFlare, over 500 companies have received DDoS threats from the group in Lizard Squad's name. The emails appear to be almost identical to the ones that "Armada Collective" sent out and also reuse the same Bitcoin addresses. Using a single Bitcoin address is counterproductive, as the hacker group would be unable to determine which companies paid the ransom. This indicates that either the hacker group is amateurish or that they may just be too lazy to follow through on their threats.
It is noteworthy that the hacker group has yet to launch any DDoS attack while posing as either Armada Collective or Lizard Squad.
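The address-reuse observation above can be turned into a triage check over reported extortion emails. This is an added example, not code from CloudFlare or the original article; the report tuples, placeholder addresses, the "Example Group" name and the function names are constructed, and the regex matches only the shape of legacy Base58 addresses without validating checksums.

```python
import re
from collections import defaultdict

# Shape of a legacy Base58 Bitcoin address (no checksum validation).
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

# Constructed placeholder addresses, not real wallets or campaign indicators.
ADDR_SHARED = "1Shared" + "x" * 26
ADDR_UNIQUE = "1Unique" + "y" * 26

# Constructed sample reports: (recipient, claimed sender name, email body).
REPORTS = [
    ("ops@alpha.example", "Armada Collective",
     f"Pay 10 BTC to {ADDR_SHARED} or your site goes down."),
    ("it@bravo.example", "Armada Collective",
     f"Send payment to {ADDR_SHARED} before Friday."),
    ("noc@charlie.example", "Lizard Squad",
     f"Google us. Pay 5 BTC to {ADDR_SHARED}."),
    ("sec@delta.example", "Example Group",
     f"Your personal address is {ADDR_UNIQUE}."),
]

def cluster_by_address(reports):
    """Map each payment address to the recipients and claimed names citing it."""
    clusters = defaultdict(lambda: {"recipients": set(), "names": set()})
    for recipient, claimed, body in reports:
        for addr in set(BTC_RE.findall(body)):
            clusters[addr]["recipients"].add(recipient)
            clusters[addr]["names"].add(claimed)
    return clusters

def triage(reports):
    """Return (address, recipient count, claimed names, flags), sorted by address."""
    findings = []
    for addr, c in sorted(cluster_by_address(reports).items()):
        flags = []
        if len(c["recipients"]) > 1:
            # One address for many victims: payments cannot be tied to a payer.
            flags.append("shared-address")
        if len(c["names"]) > 1:
            # Same wallet under different group names: likely one copycat sender.
            flags.append("cross-name")
        findings.append((addr, len(c["recipients"]), sorted(c["names"]), flags))
    return findings

if __name__ == "__main__":
    for finding in triage(REPORTS):
        print(finding)
```

An address flagged on both counts links reports sent under different group names to one sender, which is the pattern CloudFlare describes for this campaign.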