www.darkreading.com
2606:4700::6811:7563  Public Scan

URL: https://www.darkreading.com/ics-ot/killnet-pro-russia-hacktivist-group-support-influence-grows
Submission: On February 15 via manual from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content






ICS/OT Security

5 MIN READ

News



INSIDE KILLNET: PRO-RUSSIA HACKTIVIST GROUP'S SUPPORT AND INFLUENCE GROWS

Killnet is building its profile, inspiring jewelry sales and rap anthems. But
the impact of its DDoS attacks, like the ones that targeted 14 major US
hospitals this week, remains largely questionable.
Jai Vijayan
Contributing Writer, Dark Reading
February 01, 2023
Source: Billion Photos via Shutterstock


Pro-Russian hacktivist group Killnet this week launched distributed
denial-of-service (DDoS) attacks on networks belonging to 14 major US hospitals
in its continuing retaliation campaign against entities in countries the threat
actor perceives as hostile to Russian interests in Ukraine.



The attacks — like most Killnet attacks since Russia's invasion last February —
appear to have done little to seriously disrupt network operations at any of the
targeted organizations, which included Stanford Health, Michigan Medicine, Duke
Health, and Cedars-Sinai.


DESIGNED TO GARNER MORE SUPPORT

That said, they are likely going to garner Killnet more support from other
like-minded hacktivists in Russia and elsewhere, and possibly even fuel
investments into its operations from others, making them more dangerous in the
process, security experts said this week.

"Killnet has been actively attacking anyone who supports Ukraine or goes against
Russia for almost 12 months now," says Pascal Geenens, director of threat
intelligence at Radware. "They have been dedicated to their cause and have had
the time to build experience and increase their circle of influence across
affiliate pro-Russian hacktivist groups."



Killnet surfaced last year, soon after Russia invaded Ukraine in February. Since
then, the group has carried out a series of often high-profile DDoS attacks on
organizations in critical infrastructure sectors in the US and multiple other
countries. Their victims have included airports, banks, defense contractors,
hospitals, Internet service providers, and the White House.



Killnet's latest DDoS campaign this week against hospitals in the US and medical
institutions in multiple other countries, including Germany, Poland, and the UK,
was likely motivated by the recent US-led decision by NATO countries to send
battle tanks to Ukraine. However, the impact of these attacks remains
questionable.


KILLNET'S QUESTIONABLE DDOS IMPACT

Mary Masson, director of public relations at Michigan Medicine, for instance,
says Killnet's DDoS attacks hit several of its websites on Jan. 30, including
uofmhealth.org and mottchildren.org. Masson describes the attacks as causing
"intermittent problems" for some of Michigan Medicine's public-facing websites
hosted by a third-party service provider.



"None of the sites impacted contain patient information, and all patient
information is safe," she notes. "Patients were always still able to access the
patient portal via myuofmhealth.org." The websites were all back to almost
normal operations a day later, on Jan. 31.

Sally Stewart, associate director of media relations at Cedars-Sinai, describes
Killnet's DDoS attack as having a similarly low impact on the hospital's
operations: "The Cedars-Sinai website experienced a brief service interruption
early Monday morning that has resolved. The website remains fully functional,"
Stewart said in an emailed statement to Dark Reading.

Stanford Healthcare and Duke Health did not immediately respond to Dark
Reading's request for comment.

"They are not as disruptive as they claim to be," Geenens says, adding that
Killnet’s main objective is attracting attention and getting their pro-Russian
message heard. "They go after targets that are visible to the larger public,
such as public websites of institutions, governments, and organizations." Often
the resources the group has targeted are not business-critical. 


A MISTAKE TO UNDERESTIMATE

That does not mean the group can be ignored, however. In an advisory following
the recent DDoS attacks, the American Hospital Association described Killnet as
an active threat to the healthcare industry. 

"While KillNet’s DDoS attacks usually do not cause major damage, they can cause
service outages lasting several hours or even days," the AHA warned. Killnet's
links to Russia's Foreign Intelligence Service remain unconfirmed, AHA noted,
"[but] the group should be considered a threat to government and critical
infrastructure organizations, including healthcare."

Importantly, Killnet's pro-Russian DDoS crusade has also begun attracting many
more followers and fans. Daniel Smith, head of cyber-threat intelligence at
Radware, says the number of subscribers for @Killnet_reserve on Telegram grew
from about 34,000 subscribers to 85,000 subscribers in June 2022. "Just for
comparison, IT Army of Ukraine has over 200,000 subscribers, but has been losing
subscribers since March 2022," he says.

The group has focused quite a bit on publicity via its Telegram channel, which
it also uses to encourage followers to conduct DDoS attacks of their own.


JEWELRY AND RAP ANTHEMS: GROWING KILLNET SUPPORT

Radware's Geenens points to affiliate Russian groups such as NoName and the
Passion Group offering their DDoS botnets to Killnet for carrying out attacks as
one indication of the growing support it has begun attracting within Russia. 

Other signs of the support that Killnet has mobilized in recent months include a
song in the gang's honor, titled “KillnetFlow (Anonymous diss)” by a Russian
rapper, and the sale of Killnet-related jewelry by a Moscow-based jewelry maker
called HooliganZ. Killnet has also received some $44,000 worth of financial
support from a Dark Web marketplace called Solaris, according to Radware. 

"Killnet’s influence, reach, and skills are growing, and they are not showing
signs of slowing down or retiring soon," Geenens warns.

It's unclear how, if at all, Killnet will leverage its growing support, or
whether it will pivot to other, more dangerous forms of attack. Aleksandr
Yampolskiy, co-founder and CEO at SecurityScorecard, notes how Killnet began as
a financially motivated operation offering a botnet for hire. But it has since
become more of a hacktivist collective, conducting a series of relatively
low-sophistication DDoS attacks against targets it perceives to oppose the
Russian invasion of Ukraine. "Killnet has historically made use of open proxy IP
addresses and publicly available scripts in its attacks," he says.

What makes the group now potentially more dangerous are its growing reach and
skills, Radware's Smith adds. A few months ago, Radware's assessment of the risk
posed by a pro-Russian hacktivist group such as Killnet would have been low, he
explains. "But after 12 months of building their experience," he says,
"advancing their tools and growing their social network, I’m more likely to
increase that risk to moderate."

While there's no reason for panic, it is better to err on the side of caution
and be prepared. "Everyone in the security community knows it does not take
extremely skilled or sophisticated actors to disrupt or cause impact to an
organization or infrastructure," Smith adds.




Copyright © 2023 Informa PLC Informa UK Limited is a company registered in
England and Wales with company number 1072954 whose registered office is 5
Howick Place, London, SW1P 1WG.




