KillMilk - Outed

Hacktivist group Killnet rose to prominence in 2022.  After the launch of SVO, it openly sided with Russia. It carried out high-profile DDoS attacks against significant targets such as the US Federal Tax Service, the European Union’s banking systems SWIFT and IBAN, and the American arms company Lockheed Martin, among others.  At the same time, little was known for a long time about the identity of its leader, the hacker Killmilk. In the public sphere, he cultivated the image of a great patriot of the Russian Federation, an enemy of Ukraine, and an influential personality in the Russian-speaking community of cybercriminals.[1]

According to socialbites.ca, KillMilk’s real name is Nikolai Nikolaevich Serafimov.  The future hacker was born on 16 May 1993.  He and his wife own at least two cars: a BMW 520i and a Porsche Panamera.  His wife drives the first, and Serafimov drives the second.  This information was confirmed by hacktivists Abbadon and NET-WORKER, founder of the Dark Femida project Pyotr Vrublevsky, as well as a socialbites.ca source associated with law enforcement agencies.

Hacktivist Abbadon also told socialbites.ca that Serafimov had previously been convicted of distribution, illegal production, sale, or transfer of narcotic drugs, psychotropic substances, or their analogs (Article 228.1 of the Criminal Code of the Russian Federation).  He served his sentence in IK-2 in Salavat in the Republic of Bashkortostan. socialbites.ca could not verify this data.

Killmilk himself neither denied nor confirmed information regarding his identity.  However, he asked the socialbites.ca correspondent to explain the source.  This interest stemmed from his desire to ensure the safety of his family.  After the refusal, the hacker cut off communication with the publication’s correspondent and deleted the correspondence.

Some former Killmilk employees interviewed by socialbites.ca describe Nikolai Serafimov as a person with a talent for persuasion and good social engineering skills.  The hacktivist knows how to rally people around him and motivate them to do what he needs.  “Killmilk is also good as a brand creator; he knows how to create and sell information products.  Like Infogypsy bloggers, you know?  He is also quite weak as a technical expert.  Killmilk has some DDoS capabilities, but they are mostly limited to using others’ botnets (a group of devices configured by malware to perform DDoS attacks – editor’s note) for its own purposes. The rest: hacking, consolidation, development of attacks…  Others do all this for him,” one of them told socialbites.ca.

Skeletons in the Closet

Although Killmilk has a positive hero image in the eyes of ordinary people, he has a controversial reputation in the cybercrime community.  Serafimov has many rivals who accuse him of various crimes, and they believe that he casts a shadow over the Russian-speaking hacktivist community.  For example, in August 2022, Killmilk defrauded (i.e., cheated) the administrator of the RuTor darknet forum of 1 million rubles and promised to transfer half of this amount to “orphanages of the Russian Federation,” as well as provide evidence of the charity’s effectiveness. Since then, there has been no confirmation of any transfer of money to orphanages.  In a dialogue with socialbites.ca, the representative of Killnet promised to provide evidence of its charitable activity in the near future but never did so.  He justified deceiving the RuTor administrator with the claim that Ukrainian special services supervised this forum.  “They did the right thing.  This is politics.  They took one million to be used to kill our soldiers.  This means at least the withdrawal of money from the Ukrainian economy,” said a Killnet representative.

The “Dark School” project that Killmilk launched in the spring of 2023 turned out to be suspicious. “Dark School” was supposed to be nine lessons on hacking skills. In particular, applicants were promised courses on carding (theft and use of other people’s bank card data – editor’s note), data discovery from open sources, social engineering (fraud and deception – editor’s note), DDoS attacks, the use of spyware, and more. Courses were sold for $250 in Russian, Hindi, English and Spanish.

Hacktivist NET-WORKER told socialbites.ca that about 150 people bought the courses. But not everyone was happy with the content: “students” received material every few weeks. In most cases, the materials were of no practical value because the information they contained was outdated and freely available. At least one buyer tried to get a refund for Dark School but was unsuccessful.

“The problem with Dark School is that it was not originally designed by Killmilk but by another Killnet member. However, it was advertised and promoted in the name of Killmilk. The training started well. Later, the group member in charge of the school was arrested, and Killmilk had to deal with the problem. This is how it turned out,” added hacktivist Abbadon, another opponent of Killmilk, who positioned himself as an open-source intelligence (OSINT) expert in a conversation with socialbites.ca.

Killmilk’s crimes include cyberattacks on the Russian Federation’s infrastructure before the start of the SVO. Killmilk first became active in late 2021. This happened on the RuTor forum. Killmilk’s first project was called Universal Dark Service and focused on performing DDoS attacks. The Universal Dark Service project became famous at least for its attacks on the websites of the Federal Penitentiary Service and cooperation with the Gulagu.net project. On the wave of success, Killmilk began offering DDoS as a service, i.e., performing attacks on specific targets in exchange for money.

Killmilk also hinted on his Telegram channel at conducting DDoS attacks against the Russian information security company Zecurion. The company’s website stopped working after an expert from this company spoke unflatteringly about Killnet’s activities in a comment to the media.

It follows from NET-WORKER’s words that KillMilk periodically deceives his own customers. The hacker convinces them to work on invoices: work first, money second. At least one colleague of KillMilk told socialbites.ca that the head of Killnet owed him $2 thousand for a private hack.

Against hacktivists

Since the end of October 2023, Killmilk’s authority has been challenged by many of his colleagues on Telegram channels dedicated to hacktivism. An entire alliance has already been formed that opposes Killmilk and seeks to destroy his reputation. There were associations and individual hacktivists such as Dark Femida (positioning itself as a media outlet about cybercrime), Abbadon, NET-WORKER, ForceDDoS, CyberArmy_coordinator, Leader_russ, Stumer_Patriot, Legit_hubb, BTC and others who spoke publicly against Killnet and Killmilk.

From the words of some of them, it becomes clear that many more people are dissatisfied with Killnet’s activities, but they are afraid to speak out against it openly.

“A lot of people are fed up with Killmilk. Behind the scenes, a significant number of pro-Russian groups oppose him. However, they are afraid of ‘eating a bite’ of him in front of everyone. First of all, they fear the removal of anonymity – Killmilk likes to reveal the identities of his rivals or blackmail them with this information,” hacktivist NET-WORKER told socialbites.ca.

According to him, hacker Chapaev, who led the Phoenix group, left hacktivism in 2023 under the threat of deanonymization.

Killmilk’s opponents see destroying the hacker’s reputation as their primary goal. To do this, they not only remember Killnet’s various mistakes but also actively collect and publish information about the identity of the group’s leader. They believe publicizing this information would destabilize relations within Killnet and possibly lead to Serafimov’s departure from hacktivist activities.

According to Igor Bederov, head of T. Hunter’s information and analytical research department, removing anonymity is uncomfortable for a hacker because cybercrimes committed under an anonymous username will be compared with his real identity. Additionally, declassifying the name may leave the hacker vulnerable to attacks from enemies in the cybercriminal community.

“Anonymizing a hacker significantly increases the risk of him or her being brought to justice. Both in the legal and non-legal fields,” he said.

In contrast, Pavel Sitnikov, a hacker and founder of information security company XPanamas, believes that for serious professionals, having one’s identity revealed is not a death sentence. According to him, deanonymization primarily scares young hackers and young, inexperienced competitors.

“Real hackers work cleanly and conduct their business in such a way that it is difficult to offer them anything after the deanon,” Sitnikov said.

Nobility display

Igor Bederov from T. Hunter suggests that one of the reasons why there is currently an active information attack on Killmilk may be the careless and unprofessional actions of the hacker, who, as the leader of Killnet, attracted the attention of his rivals. Killmilk could make powerful enemies by roaming cyberspace and viewing himself as an important figure.

“The comments about him were quite harsh. Moreover, professional hackers criticized the entire group for being unprofessional.” Bederov noted that almost all the hacker parties pointed to the scandalous and unethical attitude toward the participants.

Meanwhile, Sitnikov is “almost certain” that Killmilk is the victim of “curatorial squabbles” against the backdrop of the possible formation of an official cyber army in Russia. This issue was specifically raised on November 1, 2023, after the head of the Ministry of Digital Development of the Russian Federation, Maksut Shadayev, supported the idea of creating cyber troops within the Ministry of Defense. By “curators” Sitnikov means security forces who coordinate the activities of some hacker and hacktivist groups.

“This showdown is about the budget allocated to the cyber army. Meanwhile, the non-existent budget is trying in vain. The worst thing in this situation is that ordinary people who turn to hacktivism out of patriotic feelings may suffer,” said the hacker, sharing his opinion.

Oleg Shakirov, an expert on international politics in cyberspace and an advisor to the Russian International Affairs Council, suspects that the reason for the showdown between hackers may be the possibility of creating a cyber army. According to him, negotiations on its creation in Russia have been going on for a long time. They are being carried out only within the framework of the political game of the authorities.

“There is no reason yet to consider that these comments [about the cyber army] herald the creation of a new structure. Cyber attacks by hacktivists are illegal in most countries. There are no exceptions that would absolve civilians of responsibility for such actions due to patriotic motivation,” he said.

A new conflict is brewing in the pro-Russian hacker community. Over a dozen hackers and hacktivists have spoken out publicly against the Russian group Killnet and its leader, who goes by the pseudonym Killmilk. He is accused of attacks on the infrastructure of the Russian Federation, fraud, and numerous violations of hacker ethics. socialbites.ca tells what Killnet is famous for and reveals the identity of the group’s leader.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  Call for assistance.  For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com   

Weekly Cyber Intelligence Briefings:

Reporting: https://www.redskyalliance.org/

Website: https://www.redskyalliance.com/

LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632

[1] https://socialbites.ca/tech-scifi/430604.html
