Killnet
Killnet is a pro-Russia hacker group known for its DoS (denial of service) and DDoS (distributed denial of service) attacks against government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. The group is thought to have been formed sometime around March 2022.
Five Eyes alert
The Five Eyes intelligence alliance issued a warning about attacks on critical infrastructure by Russian-aligned groups, including Killnet, in April 2022.[1][2]
Attacks
Romania
Killnet was behind attacks on Romanian government websites from 29 April 2022 to 1 May 2022.[3]
Moldova
Following explosions in unrecognized Transnistria, the Information and Security Service of the Republic of Moldova reported that the pro-Killnet hacking group had launched a series of cyberattacks from abroad against websites of Moldovan official authorities and institutions. This was days after the attack on Romanian websites.[4]
Czech Republic
Killnet claimed responsibility for attacks on Czech state institution websites in April 2022.[5]
Italy
The websites of the Istituto Superiore di Sanità and the Automobile Club of Italy were attacked on Friday 14 May 2022. The Italian Senate website was attacked and blocked for an hour in the same attack.[6] On May 29, 2022, Killnet announced an "irreparable damage" attack on Italy scheduled for the following day. On May 30, 2022, the group attacked Italy and managed to block a few websites, while the attack on the CSIRT site was unsuccessful. The attack was not as devastating as predicted. Killnet later complimented the CSIRT for their defensive work, mockingly calling on the government to raise a few thousand dollars for the team for their work.
Attack on Eurovision 2022
Killnet hackers are suspected of having attempted a DDoS attack to block the Eurovision Song Contest website during Ukraine's performance at the 2022 contest. The attack was blocked by the Italian state police; however, the group denied on their Telegram channel that their attack had failed. They subsequently attacked the state police site, emphasizing how they blocked the attack on Eurovision and not the same.[6] Following the attack, they threatened to attack 10 European countries, including Italy.[6]
Lithuania
The group claimed responsibility for the DDoS attacks against Lithuanian network infrastructure.[7][8][9] They said that the cyber attack on Lithuania was in retaliation for it stopping transit of goods to Russia's Kaliningrad exclave.[7][8][9]
Norway
The group targeted Norwegian organizations through various DDoS attacks on June 28, 2022. The National Security Authority of Norway believed no private data was compromised.[10][11]
Latvia
Killnet targeted Latvia's public broadcaster in the largest cyberattack in the country's history. The broadcaster said the attack was repelled.[12]
United States
On 1 August 2022, the group and its founder, called "Killmilk", claimed responsibility for a cyber-attack on the American defence corporation Lockheed Martin, in retaliation for the HIMARS systems supplied by the U.S. to Ukraine. The group said that Lockheed Martin "is the actual sponsor of world terrorism" and "is responsible for thousands and thousands of human deaths." Shortly before the attack, the group announced it would carry out a new type of cyber-attack, different from the DoS and DDoS attacks it had carried out before. Killmilk said the attack targeted Lockheed Martin's production systems as well as information about the company's employees for them to be "persecuted and destroyed around the world!".[13]
Several US airport websites were attacked on 10 October 2022.[14]
Japan
On September 6, 2022, Killnet announced that it had attacked 23 websites of four ministries and agencies, including e-Gov, a portal site for administrative information administered by the Digital Agency, and eLTAX, a local tax website administered by the Ministry of Internal Affairs and Communications, as well as the social network service "mixi".[15][16] On September 7, they also posted a video declaring war on the Japanese government and announced that they had attacked the Tokyo Metro and Osaka Metro.[17][18] At a press conference on the same day, Chief Cabinet Secretary Hirokazu Matsuno explained that no information had been leaked as a result of this attack at this time. As for Killnet's involvement, he stated, "We are aware that they are hinting at a criminal act, but we are still confirming the cause of the failure, including the relevance."[16]
References
- Hardcastle, Jessica Lyons (2022-04-21). "Five Eyes nations fear wave of Russian attacks against critical infrastructure". Retrieved 2022-05-22.
- Burgess, Christopher (2022-04-21). "New Five Eyes alert warns of Russian threats targeting critical infrastructure". csoonline.com. International Data Group. Retrieved 2022-05-22.
- Chirileasa, Andrei (2022-05-02). "Romania under cyberattack coming from Russia's KillNet". Romania-Insider.com. Retrieved 2022-05-22.
- "Killnet attacked several websites of state institutions in the Republic of Moldova". Tylaz. 22 May 2022.
- "Czech Television hit in another wave of cyber attacks". expats.cz. 2022-04-29. Retrieved 2022-05-22.
- "Russian hackers declare war on 10 countries after failed Eurovision DDoS attack". techcentral.ie. 2022-05-16. Retrieved 2022-05-22.
- "Russia's Killnet hacker group says it attacked Lithuania". Reuters. 2022-06-27. Retrieved 2022-07-03.
- Goodin, Dan (2022-06-27). "Pro-Russia threat group Killnet is pummeling Lithuania with DDoS attacks". Ars Technica. Retrieved 2022-07-03.
- Mascellino, Alessandro (2022-06-27). "Pro-Russian Hacker Group Killnet Hits Critical Government Websites in Lithuania". infosecurity-magazine.com. Retrieved 2022-07-03.
- Treloar, Stephen (30 June 2022). "Russian Hackers Target Norway in Latest Volley of Cyber Attacks". Bloomberg News. Retrieved July 3, 2022.
- Solsvik, Terje; Fouche, Gwladys; Williams, Alison (29 June 2022). "Norway blames "pro-Russian group" for cyber attack". Reuters. Retrieved July 3, 2022.
- Moody, Oliver. "Pro-Kremlin hackers Killnet hit Latvia with biggest cyberattack in its history". The Times. Times Newspapers Limited. Archived from the original on 8 July 2022. Retrieved 8 July 2022.
- "Double Whammy: Russian Hackers Launch Cyber Attacks On Lockheed Martin; Armed Forces Hack Into HIMARS — Reports". eurasiantimes.com. 2 August 2022.
- "US airports' sites taken down in DDoS attacks by pro-Russian hackers". BleepingComputer. Retrieved 2022-10-10.
- Japan Broadcasting Corporation. "Hacker group supporting Russia suspected of cyberattack on Japanese government sites | NHK". NHK News (in Japanese). Retrieved 2022-09-07.
- "Cyberattack affects four ministries and agencies; information leak 'none at this time': Tokyo Shimbun TOKYO Web". Tokyo Shimbun TOKYO Web (in Japanese). Retrieved 2022-09-07.
- "Pro-Russia hacker group 'Killnet' posts video declaring war on the Japanese government". TV Asahi news (in Japanese). Retrieved 2022-09-07.
- Japan Broadcasting Corporation. "Pro-Russian hacker group posts video 'declaring war on the Japanese government' | NHK". NHK News (in Japanese). Retrieved 2022-09-07.