Exploring Killnet’s Social Circles

It is not common for analysts to have the opportunity to study the social circles of criminal organizations, but occasionally a group emerges that is more transparent than others. Examining a criminal organization’s social presence can give analysts valuable insights into the structure and operations of the organization, as well as the relationships and connections between its members and the community around them.

In the case of Killnet, a pro-Russian hacktivist group known for launching DDoS attacks against those who oppose Russia’s invasion of Ukraine, the leader, Killmilk, has been more of a public figure than leaders of other criminal organizations involved in the war. This has allowed Killnet to gain more visibility, establish new connections, facilitate cooperation within the country and successfully raise funds for its operations.

This article will review three social circles associated with the criminal organization Killnet and examine how the group’s operations have obtained social and financial backing from individuals in Russia who support the occupation of Ukraine.

Infinity Music

Support for criminal organizations can take many forms, including financial contributions, active participation in illegal activities, and even passive support through art and entertainment. In the case of Killnet, they have found welcomed support through a notorious Russian rapper, Кажэ Обойма (Kazhe Oboyma), of Infinity Music. In the summer of 2022, Kazhe published a song titled “KillnetFlow (Anonymous diss)” in support of the criminal organization, Killnet.

This is a prime example of how even art and entertainment can provide community support to criminal organizations. However, it is not as uncommon as one might expect. Nearly a decade ago, American rapper and hacker YTCracker published a song called “AntiSec”, which supported the notorious hacking group LulzSec.

This trend highlights the fact that support for criminal organizations comes in many forms and can be found in unexpected places. It is not limited to financial contributions or active participation in illegal activities. Support comes in the form of propaganda, recruitment, and even through art and entertainment, which is seen in the examples of Kazhe Oboyma and YTCracker. It also shows that criminal organizations gain support from various communities and have a broad reach.

HooliganZ Jewelry

In October 2022, the Norwegian outlet Dagbladet reported on the collaboration between the criminal organization Killnet and HooliganZ, a Moscow-based jewelry manufacturer. In response to the article, HooliganZ posted a statement on VK expressing its support for Killnet and their efforts on Russia’s behalf. It also decided to donate half of all sales from Killnet-related jewelry to the organization. The statement made it clear that HooliganZ will continue to support Killnet operations now and in the future.

It is not typical for criminal organizations and hacking groups to sell branded merchandise to raise funds; however, it has been observed in the past. These items, such as clothing, accessories, and collectibles, feature group logos, slogans and catchphrases, and sold to individuals who identify with the group’s ideology or mission. The sale of branded merchandise serves as a form of propaganda, helping to recruit new members and promote the group’s cause.

However, it’s important to note that buying merchandise from criminal organizations or hacking groups may be considered to support illegal activities, and the funds generated from these sales may be used to support unlawful activities. Despite this, it is apparent that some groups have gained enough support to sell branded merchandise and raise money for their operations, regardless of mainstream perception.

Solaris Marketplace

In some cases, support from the community can come in the form of financial contributions, as demonstrated by the example of the Solaris marketplace. Solaris, a relatively new Russian darknet marketplace, has been reported by Elliptic Connect to be affiliated with the criminal organization Killnet. According to the report, the Solaris darknet marketplace gave the group $44,000 in Bitcoin.


The fact that Solaris provided financial support to Killnet demonstrates the potential for these underground marketplaces, which make hundreds of millions of dollars a year that is as a means for criminal organizations to raise funds. This is not new, as darknet marketplaces have been used to launder money and fund illegal activities. However, this specific instance of Solaris’ support of Killnet, provides insight into the potential for these marketplaces to fund criminal organizations directly and what the future threat landscape may look like.

Operational Insight  

As we can see, support for criminal organizations can come in many forms and be found in unexpected places. The example of Killnet highlights this fact by showing how the group has obtained social and financial backing from individuals in Russia who support the occupation of Ukraine. From financial contributions to active participation in illegal activities to passive support through art and entertainment, the social circles of Killnet demonstrate the complexity of criminal organizations’ relationships, connections, and structure.

This story was featured on our monthly Threat Researchers Live stream. To stay updated on similar stories and information like this, tune in to our monthly live stream on YouTube, where me and Pascal Geenens, Director of Threat Intelligence at Radware, discuss noteworthy events from the threat landscape.

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center