Killnet has declared war on the countries that support Ukraine

Killnet has declared war on the countries that support Ukraine

The cyber attacks against Lithuania started on June 20. For the next ten days, the websites of the government and some local companies were bombarded with Ddos (Distributed denial of service) attacks, which overloaded the portals with traffic and sent them offline. "Ddos attacks usually focus on one or two targets and generate huge traffic," explains Jonas Sakrdinskas, interim director of Lithuania's national cybersecurity center. This time, however, things turned out differently.

A few days before the attacks began, Lithuania had blocked the passage of coal and metal on its territory in the direction of the Russian exclave of Kaliningrad, further strengthening his support for Ukraine in the war with Russia. On its Telegram channel - which has 88,000 followers - the pro-Russian cyber group Killnet had published the message: "Lithuania, are you crazy? 🤔". The group then called on hacktivists to attack Lithuanian websites, citing a number of other pro-Russian hacker groups and sharing a list of targets.

The attacks, Sakrdinskas says, have been ongoing and have affected all. areas of daily life in Lithuania. In total, according to the Lithuanian government, more than 130 sites in the public and private sectors have been "blocked" or made inaccessible. Sakrdinskas explains that the attacks, attributed to Killnet, have abated since the beginning of July and that the Lithuanian government has opened a criminal investigation.

Cyberattacks are just the latest wave of actions by pro-Russian "hacktivists" since the start of the Russian invasion of Ukraine. In recent months, Killnet has targeted a growing number of countries that have supported Ukraine but are not directly involved in the war. Attacks on websites in Germany, Romania, Norway, Lithuania and the United States have all been traced back to the group. In Italy, in collaboration with Legion, another openly pro-Russian cyber group, Killnet hit the sites of the Senate, the Ministry of Defense, the Higher Institute of Health, the Automobile Club of Italy, in what the group later defined. mockingly a "cybe r exercise". Killnet has declared "war" on ten nations, and the attacks often come after one country offers its support to Ukraine. Meanwhile XakNet, another pro-Russian hacktivist group, said it has targeted Ukraine's largest private energy company and government.

While cybersecurity experts have often warned from possible Russian attacks on Western countries, the efforts of voluntary hacktivist groups can have an effect without being officially supported or led by the Russian state. "The purpose of these attacks is certainly malicious - says Ivan Righi, an analyst who deals with cyber threat intelligence at the cyber security company Digital Shadows and who has studied Killnet -. They do not work with Russia, but in support of Russia" .

What Killnet is and how it works See more Subscribe to Gadgetland and other Wired newsletters! Arrow Initially Killnet was born as a tool for Ddos attacks, and was first identified in January of this year, explains Righi: "They advertised this app or this website, where you could engage a botnet and use it to launch attacks. Ddos ". When Russia invaded Ukraine in late February, however, the group changed course. Most of the activities of Killnet and his "legion" - ordinary citizens who are asked to join the group and launch attacks - is represented by Ddos attacks, Righi continues, underlining, however, that the group has also been linked to defacing activities. - actions aimed at "dirtying" one or more pages of a website, modifying them - and declared that he had stolen data (even if the statements in this sense have not been verified).

The Telegram channel of Killnet, where the group makes political statements and talks about its goals, was created in late February and has doubled its membership since May. "They have begun to gain a lot of popularity among the public in Russia," says Righi, who reports that the group also makes promotional videos and sells their own merchandise.

While unsophisticated, DDOS attacks "will still manage to creating uncertainty among the population by giving the impression that we are a pawn in the current political situation in Europe, "said Sofie Nystrøm, head of the Norwegian cybersecurity agency NSM, after companies in the country were targeted by attacks Ddos at the end of June.

Not just Killnet Russia has long been home to cybercriminals, including several ransomware groups, leaving them free in most cases as long as they don't target Russian companies. At the same time, Russian military hackers have been wreaking havoc on a global level for years: they caused blackouts in Ukraine, hit the Olympics and carried out the most serious cyberattack in history, just to name a few. Since the start of the war in Ukraine, the evidence against Russian state-backed cybercriminals has been mounting, even as Russia has consistently denied that it has launched cyber attacks on other countries. The Russian Embassy in the United States did not immediately respond to a request for comment from UK.

Cyber ​​security authorities in the United States, Australia, Canada, New Zealand and the United Kingdom in April warned of the potential harm that could be caused by pro-Russian groups, such as XakNet and Killnet. While it is unclear who is behind Killnet or whether the group is backed by the Russian state, recently another Russian hacktivist group has been linked to the country's government. In late June, US cybersecurity firm Mandiant, Bloomberg first reported, said Russian intelligence agents had passed on stolen information to XakNet. Ukrainian authorities have also blamed XakNet for the attacks against DTEK, the country's largest private energy company (the group has posted several posts about the company on its Telegram channel, which has 36,000 subscribers).

"We have seen several groups emerge in the context of the Russian invasion of Ukraine - says Alden Wahlstrom, an analyst at Mandiant -. XakNet and Killnet both have a dubious origin". Wahlstrom explains that any claims of hacktivism should be taken with "a healthy dose of skepticism" and that Russian intelligence agencies have an "established history of using front groups" for cyber activities. Cybercriminal group Trickbot, which is made up of several smaller groups like the Conti ransomware gang and has ties to the Russian state, targeted Ukraine for the first time last week, IBM reported. The company described the action as a "huge change" in the group's operations.

Ties to the Russian government and other groups XakNet claims it is not under the leadership of the Russian government. In a post on Telegram, in response to Mandiant's revelations, the group said it "fully" supports the government's position and acknowledges that its activities are not legal, adding that "at the moment" it does not cooperate with the security service. Russian Fsb, but to be "happy to provide data to those who ask for it".

It cannot be ruled out that there are links between Russian hacker groups themselves. In several cases, Wahlstrom points out, collectives have posted information on the activities of other groups on their Telegram channels. When asked to attack Lithuania, for example, Killnet posted a message asking for help from XakNet, Russian ransomware gangs and other pro-Russian hacker groups.

Killnet responded to a request for comment of UK stating that they are "no longer friends" with XakNet. "Our enemy is the [British, ed] government - says the group -. But we do not represent a danger to ordinary people".

WiredLeaks, how to send us an anonymous report Ddos attacks have played a significant role also in Ukraine. The country's authorities have created an army of volunteer hackers, inviting people from all over the world to contribute to attacks on Russian targets. The Ukrainian cyber army said it had shut down, at least temporarily, the websites of several government departments, food delivery services and banks in Russia: last month one of Putin's speeches was delayed by an hour. due to attacks by the cyber army. There have also been actions against Russia by hacktivist groups outside Ukraine, such as Anonymous.

Ultimately, as Russia's war against Ukraine continues, the activity of pro-Russian cyber groups continues to be in line with the country's objectives. "Moscow has deliberately maintained an ambiguous relationship with hacktivist groups operating in Russia," explains Emily Harding, deputy director of the international security program at the Center for Strategic and International Studies, a US-based think tank. Moscow security know who these operators are and will use some form of influence to force them to cooperate when needed. "

Harding points out that analysts predicted that as a form of retaliation against countries supporting Ukraine , Russia allegedly used various tools and groups, subsequently denying any responsibility. DDOS attacks, while not sophisticated, fall within this framework. If attacks by so-called hacktivist groups were to evolve, the chances that they could cause more damage or lead to an escalation of the conflict would also increase. "The risk of miscalculations is real - argues Harding -. No one has yet tested the limits within which IT operations can be carried out without causing an escalation".

This article originally appeared on UK .

Powered by Blogger.