Killnet

Killnet is a pro-Russia hacker group known for its DoS (denial of service) and DDoS (distributed denial of service) attacks against government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. The group is thought to have been formed sometime around March 2022.

Five Eyes alert

The Five Eyes intelligence alliance issued a warning about attacks on critical infrastructure by Russian-aligned groups, including Killnet, in April 2022. [1] [2]

Attacks

Romania

Killnet were behind attacks on Romanian government websites from 29 April 2022 to 1 May 2022. [3]

Moldova

Following explosions in unrecognized Transnistria, the Information and Security Service of the Republic of Moldova reported that the pro-Killnet hacking group had launched a series of cyberattacks from abroad against websites of Moldovan official authorities and institutions. This was days after the attack on Romanian websites. [4]

Czech Republic

Killnet claimed responsibility for attacks on Czech state institution websites in April 2022. [5]

Italy

The websites of the Istituto Superiore di Sanità and the Automobile Club of Italy were attacked on Friday 14 May 2022. The Italian Senate website was attacked and blocked for an hour in the same attack. [6] On 29 May 2022, Killnet announced an "irreparable damage" attack on Italy scheduled for the following day. On 30 May 2022, the group attacked Italy and managed to block a few websites, while the attack on the CSIRT site was unsuccessful. The attack was not as devastating as predicted. Killnet later complimented the CSIRT on its defensive work, mockingly urging the government to raise a few thousand dollars for the team for its work.

Attack on Eurovision 2022

Killnet hackers are suspected of having attempted to block the Eurovision Song Contest website with a DDoS attack during Ukraine's performance at the 2022 contest. The attack was blocked by the Italian state police; however, the group denied on its Telegram channel that the attack had failed. They subsequently attacked the state police site, emphasizing how they blocked the attack on Eurovision and not the same. [6] Following the attack, they threatened to attack 10 European countries, including Italy. [6]

Lithuania

The group claimed responsibility for the DDoS attacks against Lithuanian network infrastructure. [7] [8] [9] They said that the cyber attack on Lithuania was in retaliation for it stopping transit of goods to Russia's Kaliningrad exclave. [7] [8] [9]

Norway

The group targeted Norwegian organizations through various DDoS attacks on 28 June 2022. The National Security Authority of Norway believed no private data was compromised. [10] [11]

Latvia

Killnet targeted Latvia's public broadcaster in the largest cyberattack in the country's history. The broadcaster said the attack was repelled. [12]

United States

On 1 August 2022, the group and its founder, called "Killmilk", claimed responsibility for a cyber-attack on the American defence corporation Lockheed Martin, in retaliation for the HIMARS systems supplied by the U.S. to Ukraine. The group said that Lockheed Martin "is the actual sponsor of world terrorism" and "is responsible for thousands and thousands of human deaths." Shortly before the attack, the group announced it would carry out a new type of cyber-attack, different from the DoS and DDoS attacks it had carried out before. Killmilk said the attack targeted Lockheed Martin's production systems as well as information about the company's employees, for them to be "persecuted and destroyed around the world!". [13]

Several US airport websites were attacked on 10 October 2022. [14]

Japan

On 6 September 2022, Killnet announced that it had attacked 23 websites of four ministries and agencies, including e-Gov, a portal site for administrative information administered by the Digital Agency, and eLTAX, a local tax website administered by the Ministry of Internal Affairs and Communications, as well as the social network service "mixi". [15] [16] On September 7, they also posted a video declaring war on the Japanese government and announced that they had attacked the Tokyo Metro and Osaka Metro. [17] [18] At a press conference on the same day, Chief Cabinet Secretary Hirokazu Matsuno explained that no information had been leaked as a result of this attack at this time. As for Killnet's involvement, he stated, "We are aware that they are hinting at a criminal act, but we are still confirming the cause of the failure, including the relevance." [16]

Georgia

According to a Twitter post published by the threat research firm CyberKnow, Killnet and their founder, Killmilk, threatened that they would attack the Georgian government if it continued to work against the Russian Federation. [19]

Germany

On 26 January 2023, the German Federal Office for Information Security (BSI) announced that a wide-ranging DDoS attack against various agencies and companies in Germany had been taking place since the night before. [20] According to the BSI, websites of airports were particularly affected, as well as those of companies in the financial sector and those of the federal and state administrations. [20] The attacks had been announced in advance by Killnet, supposedly as retaliation for the German government's decision to send Leopard 2 battle tanks to Ukraine. [21]

International Committee of the Red Cross rules

In October 2023, Killnet initially refused to abide by ICRC rules for hackers, but later agreed to. [22] [23]

Unmasking of leader

In November 2023 Gazeta.Ru named a man they claimed was Killmilk, the leader of Killnet. [24] This follows claims that he had started targeting the Russian Federation. [24]

Related Research Articles

Beginning on 27 April 2007, a series of cyberattacks targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn. Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred. Research has also shown that large conflicts took place to edit the English-language version of the Bronze Soldier's Wikipedia page.

Anonymous (hacker group): Decentralized hacktivist group

Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.

Cyberattacks during the Russo-Georgian War: Series of cyber attacks during Russo-Georgian war in 2008

During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat (APT) groups, against other countries.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack.

In 2013, there were two major sets of cyberattacks on South Korean targets attributed to elements within North Korea.

CyberBerkut: Group of pro-Russian hackers

CyberBerkut is a modern organized group of pro-Russian hacktivists. The group became locally known for a series of publicity stunts and distributed denial-of-service (DDoS) attacks on Ukrainian government, and western or Ukrainian corporate websites. By 2018, this group was accused by western intelligence agencies, such as National Cyber Security Centre of being linked to the GRU, providing plausible deniability.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Petya (malware family): Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

Russo-Ukrainian cyberwarfare: Informatic component of the confrontation between Russia and Ukraine

Cyberwarfare has been a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

Sandworm (hacker group): Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

2022 Ukraine cyberattacks: Attack on Ukrainian government and websites

During the prelude to the 2022 Russian invasion of Ukraine and the 2022 Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

IT Army of Ukraine: Ukrainian cyberwarfare volunteer group

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.

Beginning 29 April 2022, at 04:05 EEST, a series of multiple DDoS attacks were launched against several Romanian government, military, bank and mass media websites. Behind the attacks was the pro-Kremlin hacking group Killnet, who resorted to this in response to a declaration made by Florin Cîțu, the then-President of the Senate of Romania, that Romania would provide Ukraine with military aid. The Russian Federation, who invaded the latter, publicly spoke against Western military support for Ukraine, stating that it would result in "lightning-fast retaliatory strikes". The DDoS attacks continued until 1 May.

Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the 2022 Russian invasion of Ukraine began.

NoName057(16) is a pro-Russian hacker group that first declared itself in March 2022 and claimed responsibility for cyber-attacks on Ukrainian, American and European government agencies, media, and private companies. It is regarded as an unorganized and free pro-Russian activist group seeking to attract attention in Western countries.

Anonymous Sudan is a hacker group that has been active since mid-January 2023 and believed to have originated from Russia with no links to Sudan or Anonymous. They have launched a variety of distributed denial-of-service (DDoS) attacks against targets.

References

  1. Hardcastle, Jessica Lyons (21 April 2022). "Five Eyes nations fear wave of Russian attacks against critical infrastructure". Retrieved 22 May 2022.
  2. Burgess, Christopher (21 April 2022). "New Five Eyes alert warns of Russian threats targeting critical infrastructure". csoonline.com. International Data Group. Retrieved 22 May 2022.
  3. Chirileasa, Andrei (2 May 2022). "Romania under cyberattack coming from Russia's KillNet". Romania-Insider.com. Retrieved 22 May 2022.
  4. "Killnet attacked several websites of state institutions in the Republic of Moldova". Tylaz. 22 May 2022. Archived from the original on 31 May 2022. Retrieved 22 May 2022.
  5. "Czech Television hit in another wave of cyber attacks". expats.cz. 29 April 2022. Retrieved 22 May 2022.
  6. "Russian hackers declare war on 10 countries after failed Eurovision DDoS attack". techcentral.ie. 16 May 2022. Retrieved 22 May 2022.
  7. "Russia's Killnet hacker group says it attacked Lithuania". Reuters. 27 June 2022. Retrieved 3 July 2022.
  8. Goodin, Dan (27 June 2022). "Pro-Russia threat group Killnet is pummeling Lithuania with DDoS attacks". Ars Technica. Retrieved 3 July 2022.
  9. Mascellino, Alessandro (27 June 2022). "Pro-Russian Hacker Group Killnet Hits Critical Government Websites in Lithuania". infosecurity-magazine.com. Retrieved 3 July 2022.
  10. Treloar, Stephen (30 June 2022). "Russian Hackers Target Norway in Latest Volley of Cyber Attacks". Bloomberg News. Retrieved 3 July 2022.
  11. Solsvik, Terje; Fouche, Gwladys; Williams, Alison (29 June 2022). "Norway blames "pro-Russian group" for cyber attack". Reuters. Retrieved 3 July 2022.
  12. Moody, Oliver. "Pro-Kremlin hackers Killnet hit Latvia with biggest cyberattack in its history". The Times. Times Newspapers Limited. Archived from the original on 8 July 2022. Retrieved 8 July 2022.
  13. "Double Whammy: Russian Hackers Launch Cyber Attacks On Lockheed Martin; Armed Forces Hack Into HIMARS — Reports". eurasiantimes.com. 2 August 2022.
  14. "US airports' sites taken down in DDoS attacks by pro-Russian hackers". BleepingComputer. Retrieved 10 October 2022.
  15. 日本放送協会. "ロシアを支持のハッカー集団 日本政府サイトにサイバー攻撃か | NHK". NHKニュース. Retrieved 7 September 2022.
  16. "サイバー攻撃、4省庁で影響 情報漏えい「現時点なし」:東京新聞 TOKYO Web". 東京新聞 TOKYO Web (in Japanese). Archived from the original on 7 September 2022. Retrieved 7 September 2022.
  17. "ロシア支持のハッカー集団「キルネット」 日本政府への宣戦布告動画を投稿". テレ朝news (in Japanese). Retrieved 7 September 2022.
  18. 日本放送協会. "親ロシア派のハッカー集団 "日本政府に宣戦布告" 動画投稿 | NHK". NHKニュース. Retrieved 7 September 2022.
  19. "Killnet and Killmilk threatens the Georgian government! Know more". The Tech Outlook. 14 September 2022. Retrieved 14 September 2022.
  20. "Großangelegter Hacker-Angriff auf Deutschland". ZDF (in German). 26 January 2023. Retrieved 26 January 2023.
  21. "Prorussische Hacker drohen mit Vergeltung für Leopard-Entscheidung". Handelsblatt (in German). 25 January 2023. Retrieved 26 January 2023.
  22. Tidy, Joe (4 October 2023). "Rules of engagement issued to hacktivists after chaos". BBC News. Retrieved 15 October 2023.
  23. Tidy, Joe (6 October 2023). "Ukraine cyber-conflict: Hacking gangs vow to de-escalate". BBC News. Retrieved 15 October 2023.
  24. Jones, Connor (27 November 2023). "Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media". The Register. Retrieved 27 November 2023.