
Royal Family’s Official Website Suffers Cyberattack, Following Remarks on Russia


The British Royal Family’s official website is suffering a cyberattack, following the UK’s support for Ukraine that went public. A DoS attack, which is brought on by an influx of unnecessary traffic, caused the Royal Family website to be unavailable for an hour and a half on Sunday morning. An 'error' notice would have been displayed to anyone attempting to visit the site at this time, but by early afternoon it was fully working once more.

While Buckingham Palace insiders claim that it is impossible to determine who was behind the attack at this time, the pro-Kremlin group Killnet has taken responsibility for it in a message posted on the social media site Telegram. The 'Five Eyes Alliance' (an intelligence alliance made up of the UK, the US, Canada, Australia, and New Zealand) has previously identified the group as a significant cyber-security threat, and the US Department of Health has previously noted that Killnet has made a number of threats to organizations, including the NHS.

Thankfully, the DoS attack on the royal family website only caused service disruption. No privileged information was accessed, and no control over the website was obtained. These kinds of attacks tend to be more disruptive than damaging, but they can still bring down websites, which can be disastrous in some circumstances.

However, this was not the first time the royal family had suffered a cyberattack. The website was also taken down in November 2022 by Killnet, and the Met Police foiled a cyber plot to interrupt the royal wedding of the current Prince and Princess of Wales in 2011.

For many years, but particularly since the Ukraine war, there has been a looming threat of a cyberattack by Russia or by organizations that support Russia. Oliver Dowden, the deputy prime minister, stated at the April Cyber UK conference in Belfast that these attacks may now be motivated by "ideology." The royal family has consistently shown its support for the Ukrainian people. The Princess of Wales met privately with the First Lady of Ukraine in September of last year, and this year, the Prince of Wales paid a visit to Ukrainian troops stationed near the border. In February, King Charles convened meetings with President Zelensky at Buckingham Palace.

The attack came to light only two weeks after King Charles made a public remark over the war, in his speech on the royal visit to Paris. In his comment, he mentioned Russia’s ‘unprovoked aggression’ and said that ‘Ukraine must prevail.’  

eCitizen Cyberattack: Kenyan Government Portal’s Services Disrupted


The Kenyan government recently confirmed that its eCitizen portal was affected by a cyber-attack. The portal was used by the public to access over 5,000 government services.

The attack came to notice after its customers complained of disruption in its services, which included passport and application renewal, issuing e-visas, and driving licenses.

Following the confirmation of the attack and hindrance in the eCitizen system, the government was made to promise visas on arrival to its foreign customers who had earlier applied for e-visas. Also, certain disruption was noticed in the train-booking systems and electricity billing. 

People who rely on the popular mobile-money service M-Pesa to make payments at stores, public transportation vehicles, hotels, and other platforms also encountered issues. Mobile money banking services were also impacted.

Apparently, the attack also impacted several private companies; however, the claim has not been confirmed yet.

Anonymous Sudan

The attack has been executed by hackers who call themselves ‘Anonymous Sudan’. The group claims to be based in Sudan, portrays itself as ‘cyber-warriors,’ and has vowed to attack anyone attempting to meddle in the country's internal affairs; it is, however, thought to have ties to Russia. The group apparently supports Russia and is an affiliate of the pro-Russian threat group Killnet.

The group came to light in January this year and has been popular since, carrying out several attacks. It has been categorized as disruptive, but not sophisticated.

The majority of the group's communications have been shared on its Telegram channel, where on Sunday a warning of an upcoming attack on Kenyan computer systems was posted.

The reason it gave for the recent cyberattack was that "Kenya has been attempting to meddle in Sudanese affairs and released statements doubting the sovereignty of our government," as per the reports.

Apparently, the group is citing the issue pertaining to the Sudanese government, which has repeatedly accused Kenyan President William Ruto of lacking neutrality and rejected his attempts to mediate in the ongoing war between the Sudanese military and the paramilitary Rapid Support Forces (RSF).

Follow-up of the Attack

Since the government has been putting emphasis on its people utilizing its online services, along with adopting online payment methods, the recent attack seems to have consequently impacted a large number of Kenyans.

After the attack became public, the ICT Cabinet Secretary, Eliud Owalo, confirmed that the services suffered no data loss and that the government is working on solving the issue and securing its platform. However, the hackers claim to have access to victims’ passport data.

Following the incident, on Friday, the ministry held a meeting with several private sector professionals to address cyber security issues.

Although there are still sporadic interruptions that slow down or prevent users from accessing services normally on the internet platform, the government claims to have been able to stop the attack's source.  

Killnet Attempts to Build Clout Among Russian Hackers With Media Stunts

 


As a result of Killnet and Killmilk's leadership over the past several months, ragtag hacker groups from Russia have been consolidated under their leadership. This has formed one group called Killnet. Even though Killnet has made a concerted effort to position itself as a powerful arm of the Russian government, and even a potential mercenary cyber army, its attempts have largely failed, as it has outshined many of its competitors. Experts disagree with either of those claims, and Killnet does not meet its hype, regardless of whether the claims are correct or inaccurate. 

KILLNET is a well-known pro-Russian hacktivist group that has been operating actively since the conflict between Russia and Ukraine broke out over a year ago. Since February 2022, the group has been engaged in Distributed Denial of Service (DDoS) attacks. A semi-formal organizational structure has also been established within this group of activists.

This group has a substantial presence on Telegram, a messaging app widely used by its members. KILLNET has a well-developed organizational structure for command and control. With different levels of superiority, command lines, and tasking systems, the group demonstrates a strong command and control mechanism. This group consists of a few subgroups that allegedly are involved in multiple terrorist attacks against NATO countries and other anti-Russian states. While it is uncertain whether or not they are technically proficient and sophisticated, they remain considered a threat despite the uncertainties.

The growth has been attributed to the continual addition of new sub-groups and specialists, as well as the shift in motivation from hacktivism towards making money from hacker companies, which has been a successful strategy in recent years. 

There are several cybercriminals and cyberattack threat groups in Russia who, under relative protection from Western law enforcement, are facing something common to all capitalist economies - the market for cyberattack threat groups has become saturated, meaning consolidation is imminent in the country. Killnet has chosen to engage in a media feud to reclaim its position as the strongest hacktivist organization in Russian history. 

Russia and Killnet May Not be in a Mutually Beneficial Relationship 


Security vendor Mandiant believes Killnet may have some connection to the Russian government, though that connection remains uncertain at the moment. Killnet does not fit into the military program due to its activities. These activities are closely linked to known Kremlin-controlled hacking operations that are mostly kept quiet and work on disinformation campaigns. The Killnet operations of Mandiant have been generating headlines recently due to their success.

KillMilk, credited with creating the KILLNET, announced recently that they were forging a team of darknet operators and special forces agents with financial motives. This team was carrying out destructive activities on the darknet. The business they ran spanned the full spectrum from offering services to hackers as well as competing businessmen, all the way through to taking orders from private parties and state authorities. Additionally, they were tasked with defending the interests of the Russian Federation. 

A detailed analysis of KILLNET, its subgroups, its capabilities, and recent developments in the group's motives is included in this report. According to Mike Parkin, with Vulcan Cyber, Killnet has positioned itself as a group committed to furthering Kremlin interests following the Russian invasion of Ukraine in 2014. Its messaging has been highly pro-Kremlin, indicating that it may be courting Kremlin support. 

If Killnet is not already working for the Russian government, it would seem safe to assume that it will be. Even if [Killnet] does not receive any payment, the ability to operate without being confronted by state law enforcement agencies is a major benefit. Many countries, along with Russia, have already become comfortable with the idea of cybercriminals operating.

Killnet has decided to build a big brand and media profile to compete in a competitive cybercriminal sector without direct support from Russia. By presenting this to other hackers, they can get them to work for them. There are not many cyber threats that Killnet has effectively handled so far.

It has been reported that Killnet may have targeted several healthcare facilities in the US, including Stanford Health, Michigan Medicine, Duke Health, and Cedars-Sinai. However, these cyberattacks have not disrupted any of these institutions' networks. 

Additionally, there have been other reports of DDoS attacks which are Killnet's primary method of attacking infrastructure within the US as well as internationally. In addition to airports, there are defense contractors who provide services to the government and even the White House. 

Brand building at Killnet 


As of March, Killnet is launching Black Skills, a cyber-army-for-hire modeled after the Wagner Group, a mercenary army commissioned by Russia when it invaded Ukraine until a revolt broke out among its soldiers and their Kremlin-connected commander Yevgeni Prigozhin in June.

Even though Killnet claims that it was not involved in the Wagner Group revolt in June, it has praised Prigozhin while simultaneously accusing the Wagner Group revolt of being instigated by enemies of Prigozhin. There is no evidence to suggest Killnet is capable of setting up a private military company (PMC) that can compete with the United States military. Experts tell Dark Reading this is not true. In addition to frequently announcing developments regarding its structure and future operations, Killnet has also announced that it will become a private defense hacker company shortly, Mandiant stated.

In addition, there have been several instances of petty drama as well. The head of Anonymous Russia was outed as a CIA rat by Killnet's Killmilk in April, where Killmilk called him a leader of the rival hacktivist group. The threat actor who he appointed as his leader is Radis, another threat actor. It seems that Killnet's recent move has had little effect on killing their influence among Russian hackers as well. 

Furthermore, the group has also spoken about the possibility of launching cyberattacks on Western SWIFT banks in conjunction with the ransomware groups REvil and Anonymous Sudan. This has not yet happened.

Despite this, Killnet has built a strong brand name. There are rap songs dedicated to Killnet's antics, and jewelry bearing their moniker can be seen in Moscow's most fashionable clothing stores. The group has become a legend in Russia.

A new version of Killnet's promotional video was released recently, teasing the short film about the group that's on its way. The video is reported to include sledgehammers smashing and tough talk.

Parkin believes that Killnet was making headway in terms of gaining the support of other groups to join the network. As a result, he does not believe that this threat group will be able to emerge as a unique Russian power player in the cybercrime industry. It is unlikely that these groups will ever obtain a majority in their respective groups. This is even though they consolidate other groups under their banner.

KillNet: Pro-Russian Threat Actors Claim Responsibility for 14 DDoS Attacks on U.S. Airports

On Monday, a pro-Russian hacker group, ‘KillNet’, reportedly claimed to be behind the DDoS attacks that temporarily took down the websites of several U.S. airports.

A similar case was witnessed by Atlanta International Airport. Consequently, users were unable to access the websites for a few hours during the campaign. However, the attacks did not have any impact on flight operations.

The Los Angeles International Airport (LAX) authority reported a threat against its website to the Transportation Security Administration and the FBI.
 
"The service interruption was limited to portions of the public facing FlyLAX.com website only. No internal airport systems were compromised and there were no operational disruptions," a spokesperson stated in an emailed statement. Adding to the statement, she said the airport’s IT Team has restored all services and is investigating the cause.
 
Later, the hacker group apparently posted the list of the hacked airport websites on Telegram that included 14 targeted domains, urging hackers to participate in the DDoS attack.
 
The airport websites impacted by the group include Hartsfield-Jackson Atlanta International Airport, the Los Angeles International Airport (LAX), the Chicago O’Hare International Airport (ORD), the Orlando International Airport (MCO), the Denver International Airport (DIA), the Phoenix Sky Harbor International Airport (PHX), and the sites of airports in Kentucky, Mississippi, and Hawaii.
 
In a Telegram post on Monday, Killnet listed other U.S. sites that could be the next potential victims of similar DDoS attacks, such as sea terminals and logistics facilities, weather monitoring centers, health care systems, subway systems, and exchanges and online trading systems.
 
Apparently, this DDoS attack was not the first attack by KillNet, as the group has previously targeted many other countries that were against the Russian invasion of Ukraine. These NATO countries include Italy, Romania, Estonia, Lithuania, and Norway.

KillNet's DDoS attacks, and those it urges other threat actors to carry out, are an example of what security experts say is the tendency in recent years for geopolitical tensions to permeate the cyber world. According to speculation, this campaign against the US and other NATO countries, for instance, comes days after an explosion demolished a section of a major bridge connecting Russia to the Crimean Peninsula.

Killnet Targets Japanese Government Websites

According to investigation sources on Wednesday, the Tokyo Metropolitan Police Department intends to look into the recent website outages of the Japanese government and other websites that may have been brought on by cyberattacks by a Russian hacker organization.  

As per Chief Cabinet Secretary Hirokazu Matsuno, the government is apparently investigating if issues with the aforementioned sites were brought on by a distributed denial-of-service (DDoS) attack.

As per experts, access to the government's e-Gov portal website, which provides a wealth of administrative information, temporarily proved challenging on Tuesday.  

The pro-Russian hacker collective Killnet claimed responsibility for the attack and alleged it had attacked the electronic system of the tax authority and Japan's online public services in a post on the messaging app Telegram. Furthermore, it appeared that the hacker collective wrote that it was an uprising over Japan's 'militarism' and that it kicked the samurai. 
 
However, as per Sergey Shykevich, manager of Check Point Software's threat intelligence group, Killnet was likely responsible for these attacks.  

Killnet's justification for these strikes, according to Shykevich, "is owing to Japan's support of Ukraine in the ongoing Russia-Ukraine war, as well as a decades-long dispute over the Kuril Islands, which both sides claim control over."

As per the sources, the MPD will look into the cases by gathering specific data from the affected businesses and government bodies. The National Police Agency will assess whether the hack on the e-Gov website qualified as a disruption that materially impairs the operation of the government's primary information system as defined by the police statute, which was updated in April.

The cybersecurity expert added that firms in nations under attack by Killnet should be aware of the risks because the group employs a variety of tactics, such as data theft and disruptive attacks, to achieve its objectives. 

Following a recent large-scale attack by Killnet on websites in Italy, Lithuania, Estonia, Poland, and Norway, there have been allegations of attacks targeting Japanese government websites.





Russian-Linked Hackers Target Estonia

 

In response to the government's removal of a monument honoring Soviet World War II veterans, a pro-Kremlin hacker group launched its greatest wave of cyberattacks in more than ten years, which Estonia successfully repelled.

Luukas Ilves, Estonia's under-secretary for digital transformation at the Ministry of Economic Affairs and Communications, stated that "yesterday saw the most significant cyberattacks against Estonia since 2007".

According to reports, the former Soviet state removed a Red Army monument from Tallinn Square this week, and the eastern city of Narva also got rid of a Soviet-era tank. After Russia invaded Ukraine, the authorities vowed to remove hundreds of these monuments by the end of the year.

On Wednesday, the Russian hacker gang Killnet claimed responsibility for the attacks and stated that a wave of DDoS attacks had allegedly been launched in response against 200 websites of public and private sector organizations, including an online citizen identity system.

A replica Soviet Tu-34 tank from World War II was taken off the public display on Tuesday in the town of Narva, close to Estonia's border with Russia, and brought to the Estonian War Museum in Viimsi, according to Killnet, which claimed responsibility for a similar attack against Lithuania in June.

It is worth noting that, according to sources, the DDoS attacks were timed with a Russian media fake news campaign alleging that the Estonian government was destroying Soviet war graves. The country's ethnic Russians reportedly rioted as a result of this.

Estonia's Cybersecurity 

According to the National Cyber Security Index, the nation has a 17 percentage point advantage over the average for Europe and is placed third in the ITU Global Cybersecurity Index 2020. 

After experiencing significant DDoS attacks on both public and private websites in 2007, Estonia, a country that is a member of the European Union and NATO, took steps to strengthen its cybersecurity. It attributed these attacks to Russian actors who were enraged over the removal of another Soviet-era monument at the time.

The nation's e-government services, along with other industries including banking and the media, were significantly disrupted throughout the weeks-long campaign. The dismantling of a monument honoring the Soviet Red Army also sparked the attacks.

The Tallinn memorial served as a grim reminder of Estonia's 50 years of Soviet captivity to the government and many Estonians, while other ethnic Russians saw its removal as an attempt to obliterate their past. 

The incident did, however, motivate the government to step up its cybersecurity efforts, and as a result, it is today thought to have one of the best defensive positions of any international government.











Italy Alerts Organizations of Incoming DDoS Attacks

 

On Monday, Italy's Computer Security Incident Response Team (CSIRT) issued an urgent warning about the significant threat of cyberattacks against national entities. The Italian organisation is referring to a DDoS (distributed denial-of-service) cyberattack, which may not be catastrophic but can nonetheless cause financial and other harm due to service failures and interruptions. 

“There continue to be signs and threats of possible imminent attacks against, in particular, national public entities, private entities providing a public utility service or private entities whose image is identified with the country of Italy,” describes the public alert. 

The indicators are Telegram postings from the Killnet organisation inciting massive and unprecedented assaults on Italy. Killnet is a pro-Russian hacktivist group that launched an attack on Italy two weeks ago, employing an ancient but still powerful DDoS technique known as 'Slow HTTP.' As a result, CSIRT's advised defensive actions this time are related to this sort of assault but also contain numerous generic pieces of advice. 

Last Tuesday, Killnet announced "Operation Panopticon," appealing for 3,000 "cyber fighters" to join in 72 hours. Last week, the group restated the call to action multiple times. The necessary sign-up form requests information on the volunteers' system, origin, age, and Telegram account, as well as the tools needed to launch resource-depletion attacks. 

While DDoS appears to be the primary purpose, it is possible that Killnet intends to utilise DDoS to force defences to cope with service outages rather than active cyberattacks. Killnet presented an etymological definition of the word Panopticon, implying data leaks and warning that 90% of the country's officials will 'go crazy.'

Killnet's recent targeting of entities in numerous countries, Italy among them, for backing Ukraine's resistance against Russia has resulted in the group's targeting of Italian groups. This prompted Anonymous Italy to take action, launching attacks on Killnet and doxing some of its members via social media. As a result, Killnet retaliated. 

The CSIRT Italy website was intermittently inaccessible at the time of writing, but no long-term connection difficulties were observed. There have also been reports of Poste Italiane, Italy's national postal service provider, going down for many hours this morning. 

However, the agency told la Repubblica that the disruption was caused by a software upgrade that did not proceed as planned, rather than by Killnet assaults. Other local media sources that regularly monitor the availability of Italian sites claim that the web portals of the State Police and the Italian Ministries of Foreign Affairs and Defense are also unavailable. At the time of writing, the sites of the two ministries appear to have been damaged by a DDoS assault, according to BleepingComputer.

Ukrainian Government Websites Shut Down due to Cyberattack

 

Ukrainian state authorities' websites have stopped working. At the moment, the website of the Ukrainian president, as well as resources on the gov.ua domain are inaccessible. 
According to the source, a large-scale cyberattack by the Russian hacker group RaHDit was the reason. A total of 755 websites of the Ukrainian authorities at the gov.ua domain were taken offline as a result of the attack. 

Hackers posted on government websites an appeal written on behalf of Russian soldiers to soldiers of the Armed Forces of Ukraine and residents of Ukraine. "The events of the last days will be the subject of long discussions of our contemporaries and descendants, but the truth is always the same! It is absolutely obvious that what happened is a clear example of what happens when irresponsible, greedy, and indifferent to the needs of their people come to power," they wrote. 

Another of the hacked websites published an appeal on behalf of Zelensky. In it, the President of Ukraine allegedly stated that he had agreed to sign a peace treaty with Russia. "This is not treason to Ukraine, to the Ukrainian spirit, it is exclusively for the benefit of the Ukrainian people," the banner said. 

The third message called on civilians to "refuse to support national radical formations formed under the guise of territorial defense." It was warned that any attempts to create armed gangs would be severely suppressed. In another announcement, Ukrainian soldiers were asked not to open fire on the Russian army and lay down their weapons: "Return fire will kill you. You are guaranteed life, polite treatment, and a bus home after the war." 

This information could not be confirmed. Currently, when entering government websites, it is reported that access to them cannot be obtained.

Earlier it became known that Russian hackers from the Killnet group hacked the website of the Anonymous group, which had previously declared a cyberwar against Russia. They urged Russians not to panic and not to trust fakes. 

On February 25, hackers from Anonymous announced their decision to declare a cyberwar against Russia due to the start of a special operation in the Donbas. The attackers attacked Russian Internet service providers and government websites. They also hacked the websites of major media outlets: TASS, Kommersant, Izvestia, Forbes, Mela, Fontanka. 

As a reminder, the special operation in Ukraine began in the morning of February 24. This was announced by Russian President Vladimir Putin.

The Russian Hacker Group Killnet Took Down the Anonymous Website

 

The Russian hacker group Killnet said that they took down the Anonymous website "anonymoushackers[.]net" and called on Russians not to believe the Internet fakes and to stay calm. Killnet's appeal was published on one of its Telegram channels on Tuesday, March 1. 

According to the hacker group, "the Internet is full of fake information about hacking Russian banks, attacks on the servers of Russian media and much more. All this has no danger to people. This "information bomb" carries only text. And no more harm. Don't give in to fake information on the Internet. Do not doubt your country". 

Hackers blamed the events in Ukraine on the country's President, Vladimir Zelensky, as well as American leader Joe Biden. The leaders of the EU countries, as they say in the appeal, are following the lead of the United States. 

 According to independent verification done by CySecurity News, there is no official website for Anonymous Group. 

Russian hackers said that they had already disabled the website of the Anonymous group, along with the website of the Right Sector banned in the Russian Federation. The Anonymous hacker group declared a cyberwar on Russia and claimed responsibility for a hacker attack, for example, on the RT website. 

On February 28, the websites of Izvestia, TASS, Kommersant, Forbes, Fontanka, Mela, E1, Buro 24/7, RBC, Znak.Com and other Russian media were hacked. On the same day, massive DDoS attacks were launched against websites of the Crimean government and authorities. Hackers used a botnet with IP addresses mostly located in North and South America, Taiwan, and a number of other countries. 

On February 26, the Ministry of Information reported that users of the public services portal may face difficulties when working with the services of the site due to cyberattacks. At the same time, the department clarified that the personal data and information of citizens are reliably protected. On the same day, the administration of the President of the Russian Federation reported regular cyberattacks on the Kremlin's website. Moreover, Russian Railways reported that the company's website is subject to regular serious DDoS attacks. 

Earlier, information security expert Nenakhov explained what danger Anonymous hackers pose to Russia. According to him, DDoS attacks are the easiest thing that can happen. Government websites, government online services such as Gosuslugi, email, social media accounts of politicians, websites, and the IT infrastructure of state banks and defense companies are relatively more vulnerable to attacks.