Menu
Browse

Cyber Threat Actor: DERP Trolling

Actor Type Location Known Incidents
 Icon
Sensationalist
Russia
7 incidents
Profile

DERP Trolling isa hacker group known by that alias, with its location identified as Russia. The actor has conducted distributed denial‑of‑service operations targeting online gaming services and at least one Cloudflare‑protected client. Their activity has been observed in early 2014, focusing on platforms such as Steam, Origin, Battle.net, League of Legends, World of Tanks and EA.com, as well as a major content‑delivery network customer. The attacks were carried out in conjunction with harassment and swatting incidents directed at a specific game streamer, indicating a retaliatory context rather than financially motivated crime.

DERP Trolling’s primary tactic involves amplifying traffic through reflection protocols. The February 2014 attack used Network Time Protocol monlist responses to generate over 400 gigabits per second of traffic against a Cloudflare client. In the gaming‑focused incidents the group employed a tool it called the “Gaben Laser Beam,” which it described as an Ion Cannon‑style DDoS utility. It solicited target selections via a public phone number and Twitter account. The group claimed responsibility for these operations on social media. While doing so, it denied direct involvement in the personal harassment of the streamer.

Representative operations include the February 11 2014 NTP amplification assault that set a record for volumetric DDoS size at the time. The January 2014 series of attacks temporarily disrupted Steam, Origin, Battle.net, League of Legends and related services. Those incidents were linked to the Gaben Laser Beam tool and the group’s public solicitation of targets via phone number and Twitter. Together these campaigns illustrate the actor’s reliance on protocol amplification and a publicly advertised DDoS‑as‑a‑service style targeting.

Incidents
Attributed incidents available to members
7 incidents
Sources
Sources available to members
1 source