Last week, pro-Russian hacktivist groups launched a coordinated series of distributed denial-of-service (DDoS) attacks against medical centers and healthcare facilities in the United States and Europe. KillMilk, the leader of Killnet, coordinated the attacks and provided the targets. Killnet's affiliates, including Anonymous Russia, supported the action by aligning their attack activity. On January 30, the Health Sector Cybersecurity Coordination Center (HC3) warned that, "The group should be considered a threat to government and critical infrastructure organizations, including healthcare
Download a Copy Now
Who is Killnet?
Killnet is a pro-Russian threat group known for launching denial-of-service attacks against those in public and private sectors that directly and indirectly support Ukraine or have in some way offended Russia. The group formed in January of 2022, selling DDoS services, but quickly transitioned into a hacktivist group following the Russian invasion of Ukraine.
The group grew its subscribers on Telegram from 34,000 to 85,000 subscribers in less than a week in June 2022 and has kept growing since. For comparison, IT Army of Ukraine, the international volunteer group created by the Ukrainian government to attack Russian targets in support of the war, has almost 200,000 subscribers but has been losing subscribers since March 2022.
KillMilk, the founder of the pro-Russian hacktivist group, claims that members of the group are ordinary people and denies any association with the Russian government. To maintain and grow its attack infrastructure, Killnet depends on donations.
Last year, Killnet was behind the attacks against Romanian and Czech state institution websites in April. In May, it carried out attacks against numerous Italian institutional websites, including those of the Ministry of Defense, the Senate, the National Health Institute, and the Automobile Club d'Italia. The Italian Senate Website was disrupted for an hour during the attacks. Later in May, Killnet attacked more sites in Italy, tried to bring down CSIRT Italy but failed, and attempted to disrupt the Eurovision Song Contest voting and broadcasts. The group claimed responsibility for the attacks against Lithuania's network infrastructure and targeted Norwegian organizations in June. Latvia's public broadcaster was attacked by Killnet in what was the largest cyberattack in the country's history.
In August 2022, KillMilk claimed responsibility for a cyber-attack on Lockheed Martin as a retaliation for the HIMARS systems supplied by the US to Ukraine. In October, Killnet announced an operation to target civilian network infrastructure in the United States with coordinated DDoS attacks. Several US government and airport websites were attacked in the weeks following the announcement.
In September 2022, Killnet announced it attacked 23 websites of four ministries and agencies in Japan, the Tokyo Metro and Osaka Metro websites, and the social network service 'mixi.' Killnet declared war against the Japanese government after Russia and Japan had disagreements over the Kuril Islands.
On January 26, 2023, the German Federal Office for Information Security (BSI) announced wide-ranging DDoS attacks against various agencies and companies in Germany. According to the BSI, websites from airports were particularly affected, but also those of companies in the financial sector and those of federal and state administrations. The attacks were announced in advance by Killnet, as a retaliation for the German government's decision to send Leopard 2 tanks in support of Ukraine.
Radware offers a service to help respond to security emergencies, neutralize the risk and better safeguard operations before irreparable damages occur. If you’re under DDoS attack or malware outbreak and in need of emergency assistance, Contact us with the code "Red Button".