The Russian DDoS One or RD1 is an informal grouping of threat actors that focus on providing DDoS booter services on Russian language underground forums.

Besides the advertising, contact information, and the occasional drama, most of the business of Russian DDoS booters is done in private and difficult to attribute. This includes the back-end infrastructure that performs the DDoS attacks. To shed some light on the latter, this presentation will take a closer look at some of these RD1 threat actors, their booters, and their supporting DDoS botnets.