The Gloating Killnet Group

The Killnet group and its collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most critical supporters of Ukraine against the Russian invasion: Elon Musk's Starlink satellite broadband service and the websites of the White House in the US and the Prince of Wales in the UK.  Researchers at Trustwave were able to find evidence corroborating the Russian-backed threat group's claims.[1]

Just last month in October, Killnet targeted various US airports to cause mayhem: https://redskyalliance.org/xindustry/us-airports-and-killnet

Killnet is claiming that on 18 November it took down Starlink service, which has been critical for providing the Ukraine war effort with Internet connectivity.  Trustwave analysts found Starlink customers on Reddit on the same day complaining they could not log in to their accounts for several hours.  "You've been waiting for this comrades," Killnet posted on Telegram, according to Trustwave.  "Collective DDoS attack on Starlink!  No one can log into Starlink."  Other threat groups that are known past Killnet collaborators also claimed they were involved in the Starlink and other DDoS takedowns, including Anonymous Russian, Msidstress, Radis, Mrai, and Halva.

Besides Starlink, Killnet was also observed bragging that it had successfully run "30 minutes of a test attack" on the US White House's website on 17 November.  "Of course, we wanted to take longer, but did not take into account the intensity of the request filtering system," Killnet added. "But!!! The White House was banged up in front of everyone!"  Trustwave added that the White House uses military-grade DDoS protection from Automattic.[2]

Then on 22 November, the group launched another DDoS attack, this time against the Prince of Wales' site, and warned that the UK healthcare system would be next.  Killnet also threatened future attacks against the London Stock Exchange, the British Army, and more. 

Along with its claim of the UK DDoS attack, Killnet brazenly stated, "today it does not work, perhaps this is due to the supply of high-precision missiles to Ukraine!"

Although the targets are bold, Trustwave analysts said Killnet and its cybercrime cohort are not advanced enough to pull off more than basic DDoS attacks.  "We should expect to see more of these low skill attacks from Killnet targeting an ever-growing list of targets that it considers to be in opposition to Russian interests," Trustwave said in its recent report on the Killnet DDoS attacks. "However, it remains to be seen whether the group can graduate to attacks that cause damage, exfiltrate data, or do more than take down a website for a short period of time."

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov

[2] https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/killnet-claims-attacks-against-starlink-whitehousegov-and-united-kingdom-websites/
