Lizard Squad is still active and now also acts under another name: BigBotPein

Share this…

Lizard Squad is a group of hackers that was dedicated to cause damage through DDoS attacks. Throughout their career they came to knock down many of the most popular services, although it became popular when they attacked, with previous threat, the Xbox Live and PlayStation Network services.


According to the researchers of a cyber security company, Lizard Squad has not disappeared, but is acting using another name: BigBotPein. The new name suggests that they might have links to botnets and that’s the way it is.

Lizard Squad and BigBotPein, could also be related to Mirai, the powerful Trojan created to generate botnets with devices of the Internet of Things IoT and then launch DDoS attacks. We can mention two of their most outstanding works; Dyn’s DNS, which left part of the Internet unusable by making inaccessible important websites such as PayPal, Amazon, Twitter, Netflix, Spotify, Airbnb, Reddit and SoundCloud, and OVH, which received an attack with a bandwidth that at the time was record.

According to the cyber security company, it’s presumed that Lizard Squad and Mirai are related because both used the same hosting service located in Ukraine: Blazingfast. It is also because the source code of the Trojan was published nine days after the founder of Lizard Squad was captured: Zachary Buchta. The links with BigBotPein have been determined through the analysis of a domain associated with another Mirai scheme launched in 2017, which is linked to a member of the first group of hackers.

Other actions that show connection between the two groups is that in mid-January of this year they decided to change their domains to store them in Rackspace and Search Guide. BigBotPein publicly supported Buchta, then that group of hackers decided to build a botnet using the aforementioned Trojan, infecting computers x86, x64, ARC, MIPS, ARM, SPARC and SuperH.

Information security professionals commented that an Infecting IoT device not only serves to launch DDoS attacks, but they are also a huge resource to perform other criminal activities, such as the cryptocurrency mining. In November of 2017 it was discovered that the control domain [.] Almahosting [.] Ru was spreading Satori, a variant of Mirai, with the miner Monero Stratum inside, also finding links with Lizard Squad.