GreyNoise Intelligence Uncovers New Internet Noise Storm with Potential China Link and Cryptic “LOVE” Message
GreyNoise Intelligence has recently released findings regarding a new and increasingly complex wave of “Noise Storms” – massive, enigmatic surges of fake traffic that have baffled experts since 2020. This latest storm, while seemingly originating from Brazil, has exposed intriguing connections to a Chinese content delivery network, along with an embedded ASCII string “LOVE,” adding layers of complexity to an already puzzling phenomenon.
These Noise Storms, characterized by millions of spoofed IP addresses generating anomalous network activity, have been the subject of various hypotheses. While the true purpose remains elusive, the storms’ characteristics are well-documented: a predominance of ICMP traffic directed towards port 443 (HTTPS) with a conspicuous absence of UDP traffic. This latest storm, however, showcases advanced techniques such as intelligent TTL spoofing, OS emulation, and increasingly targeted attacks, primarily bypassing AWS while impacting other major providers.
The discovery of a link to a Chinese content delivery network servicing prominent platforms like QQ, WeChat, and WePay raises significant concerns about the potential involvement of sophisticated actors. The presence of the cryptic “LOVE” message embedded within ICMP packets further deepens the intrigue surrounding these events.
In light of these findings, GreyNoise Intelligence urges network operators and security researchers to exercise heightened vigilance and report any related observations. The company has also released packet captures of recent storms on GitHub for community analysis.
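For readers who want to check a capture for the string described above, the following is an added example, not GreyNoise's code or part of the original article. It assumes a classic-format pcap with Ethernet framing and assumes the string sits after the ICMP type/code/checksum fields; the sample packets and addresses are constructed.

```python
import socket
import struct

MARKER = b"LOVE"  # ASCII string the article says is embedded in the ICMP packets

def find_marker_icmp(pcap: bytes, marker: bytes = MARKER):
    """Return (src, dst, ttl, icmp_type) for each ICMP packet carrying marker."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    hits, pos = [], 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 1 or len(ip) < ihl + 8:
            continue  # not a well-formed IPv4 ICMP packet
        icmp = ip[ihl:]
        # Assumption: the string sits after type/code/checksum (id/seq or data).
        if marker in icmp[4:]:
            hits.append((socket.inet_ntoa(ip[12:16]),
                         socket.inet_ntoa(ip[16:20]), ip[8], icmp[0]))
    return hits

def _frame(src, dst, ttl, payload):
    """Constructed Ethernet/IPv4/ICMP echo request (checksums left zero)."""
    icmp = struct.pack(">BBHHH", 8, 0, 0, 1, 1) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + icmp

def sample_pcap():
    """Constructed two-packet capture using documentation addresses."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame("192.0.2.10", "198.51.100.5", 115, b"....LOVE...."),
              _frame("192.0.2.11", "198.51.100.5", 64, b"abcdefgh")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(find_marker_icmp(sample_pcap()))
```

Because the article describes the source addresses as spoofed, the TTL and ICMP type in each hit are more useful for grouping packets than the source IP.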
GreyNoise experts emphasize the necessity for security professionals to prioritize actionable threats, optimize resource efficiency, maintain a proactive security posture, and leverage real-time, actionable intelligence. The Noise Storms serve as a potent reminder that threats can evolve in unpredictable ways, demanding constant adaptability and preparedness from the cybersecurity community.