Killnet Grows & Hones Their Attack Potency

Category: Threat Actor Activity | Industries: Critical infrastructure, Defense, Energy, Financial, Government, Healthcare, Media, Technology, Telecommunications |

Source: Mandiant

The infamous Killnet threat group, associated with Russian objectives, has consistently evolved its tactics and strategies since 2022. Amidst Russia's invasion of Ukraine, Killnet swiftly emerged as a staunch Russian ally, executing their distinctive distributed denial-of-service (DDoS) attacks against targets in Ukraine and supporters of Ukraine and Western powers. Mandiant's latest report delves into the group's activities, revealing that their campaigns are "primarily centered around DDoS attacks that generate only shallow impacts lasting short periods of time." While Mandiant emphasizes no direct evidence of an association with Russia, Killnet's operations "consistently mirror Russian strategic objectives."

An expansion of their capabilities has been boosted by affiliate members such as allegedly collaborating with REvil, Zarya Splinters but mainly Anonymous Sudan. "Anonymous Sudan accounted for 63% of total identified DDoS attacks claimed by the KillNet collective in 2023. The group only emerged in January 2023, making the proportion of KillNet operations they comprise additionally notable," as found by Mandiant. One of the most significant disruptions Killnet and Anonymous Sudan have accomplished was their attack on Microsoft services in June 2023, causing outages to Azure, OneDrive, Outlook, and SharePoint.

After analyzing Killnet's activities from January 1st, 2023, to June 20th, 2023, it was revealed that the threat group has targeted over 500 victims with DDoS attacks. Most of Killnet's targets were entities based in the United States and Europe. All verticals are in scope for Killnet's attacks although technology, social media, and transportation industries are observed as top targets. The United States Heath Sector Cybersecurity Coordination Center (HC3) has posted numerous alerts to healthcare organizations to be wary of Killnet's disruptive attacks. Mandiant surmises that Killnet will become even more brazen in their attacks, with the recent Microsoft service disruption further inflating their already confident and boastful persona.