New World Hackers and BlazingFast

New World Hackers and BlazingFast

Is this “really really” the work of Russian and Chinese hackers?


During the latests hours, we have read all kind of statements regarding the latest attacks against Dyn infrastructure. Statements include that the group is formed by hackers from Russia and China.

Twitter Logo New World Hackers


The information spread in the media pointing to Russia and Chinese hackers lacks serious evidence so we have decided to disclose what we know from the group.

  • New Word Hackers share common methods and infrastructure that @BannedOffline. They operate using free services including free trials of VPN and CDNs from several providers.
  • @newworldhacking and @BannedOffline advertised the stresser service and
  • @BannedOffline and Fantomnet claim to be operating
  • Fantomnet keeps source code of the DDOS tools in github here
  • @SinfulHazeCE claims membership of NWH.
  • Hidden servers from NWH are hosted in BlazingFast LLC aka
  • During the past days, free attacks were offered via the site
  • Spoofit has received attacks directly claimed by @BannedOffline originated from AS30823 Combahton IT.
  • The group and @BannedOffline has never showed any evidence of controlling the IoT botnet Mirai or any of their variants.
  • Update 24th October: @BannedOffline deactivates and then reactivates his twitter account.


A free DDOS tool

New World Hackers announced a few DDoS tool in their website tool reassembles the old versions of “LOIC” but in this case the tool is just proxying the attacks to the origin server.

LOIC revamped
LOIC revamped

Those interested can browse the source code here and notice the skill level of the group, we are providing a mirror copy of the DDOS portal of the New World Hackers DDoS tool.

Where is the origin?

In the past we have tracked hidden services from this group to the IP

The provider is trading as dotsi Solucoes Internet and AS4939

After scanning their IP space to find the hidden origin, we discovered the location of the hidden website of New World Hackers is at also in

So, Is this “really really” the work of Russian and Chinese hackers?