With many countries assisting Turkey and Syria in earthquake response, hackers are in the process of trying to disrupt the communication processes. The Russian hacktivist collective Killnet has carried out a series of distributed denial of service (DDoS) attacks against NATO, causing temporary disruption to some of the military alliance’s public-facing websites. The Killnet operation had previously said through its closed channel on the encrypted Telegram service that it was initiating attacks against NATO. It also appears to have been soliciting cryptocurrency donations to maintain the attacks.[1]
A NATO spokesperson confirmed the alliance had briefly come under attack, “NATO cyber experts are actively addressing an incident affecting some NATO websites. NATO deals with cyber incidents on a regular basis and takes cyber security very seriously.”
Speaking at a press conference convened ahead of a meeting of Defence ministers, the NATO secretary general told reporters that the alliance has deployed additional protective measures since 12 February. “The majority of NATO websites are functioning as normal. Some NATO websites are still experiencing availability issues, but our technical teams are working to restore full access,” he said and followed saying that NATO’s classified networks, those used to communicate on active missions and within the alliance’s command structure, were not attacked.
However, according to reports, the cyber-attack may also have affected networks used by NATO’s Strategic Airlift Capability (SAC), a program within NATO that provides military airlift capabilities to 12 member states using Boeing C-17 Globemaster III aircraft. The UK is not part of this unit, although the Royal Air Force does operate C-17s. SAC, which has been flying search and rescue equipment and teams into an airbase in south-eastern Turkey, reportedly found itself unable to communicate with a C-17 in flight due to network disruption, although it is understood it never lost contact with the plane.
Currently the death toll from the 7.8 magnitude earthquake had risen to more than 33,000 in Syria and Turkey. A week after the disaster, hopes of finding any more survivors are fading fast as the relief operation moves from the search and rescue phase to one of support and recovery.
Killnet's attacks on NATO targets will come as little surprise to long-time observers of the cyber element to Russia’s war on Ukraine. Since the early days of the conflict the Kremlin-aligned group has targeted organizations and governments that have supported Ukraine, and recent announcements of more military aid to Kyiv prompted a series of attacks on targets in Germany and the United States. The group’s stock-in-trade DDoS attack is a relatively affordable variety of cyber-attack designed to cause temporary and noisy disruption, rather than damage, to its targets, by flooding their public-facing infrastructure with an overwhelming number of junk requests. As such, NATO will likely have been prepared to be targeted in this way.
Cybereason, said, “The group claiming responsibility for the attack, Killnet, is known best for their use of DDoS as a tool. Building large botnets is significant, but it is also defensible; and resilience can be built. It is in some ways the ‘poor man's’ cyber tool, because it gets a big splash for relatively little investment. “Dogs run in packs, and this is no different. DDoS produces a lot of barking, but the pack isn't that large. Targeting local and state governments is optimizing for the most visibility. If they could do more, they would. At this time, the best assumption is that we are seeing Killnet’s loudest attempt to get attention. However, the world is more-or-less divided for or against Putin, and attacks like this aren't likely to either sow debilitating fear or sway hearts and minds.”
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.computerweekly.com/news/365530999/Killnet-DDoS-attacks-disrupt-Nato-websites
Comments