KillNet's Unrelenting DDoS Against Healthcare Providers

Category: Threat Actor Activity | Industries: Critical Infrastructure, Healthcare | Level: Strategic | Source: HHS

Targeting of critical US organizations by the Pro-Russia hacktivist group, KillNet has persisted since December 2022, with the group's primary cyber weapon of choice being Distributed denial-of-service (DDoS) attacks aimed to cause network disruptions and outages. As reported by the Health Sector Cybersecurity Coordination Center (HC3), in January 2023, there have been over 90 DDoS attacks on healthcare systems, hospitals, and medical centers. The majority of these attacks were initiated on premises with Level I trauma centers and healthcare systems consisting of at least one hospital. These types of organizations are prime targets for KillNet and its affiliates due to their large size and valuable patient data. During February 2022, KillNet proceeded to harass critical infrastructure organizations owned by the United States and NATO countries. Lastly, in March 2023, while KillNet was not as vocal on their Telegram channels as they have been in prior months, they've been observed to continue their attacks on healthcare organizations. Specifically targeting healthcare sub-sectors associated with laboratory services, blood, and pharmaceuticals. KillNet actors are particularly vocal on their Telegram channels antagonizing their targets, rallying support for upcoming campaigns, and gloating about their accomplishments. The bovada exhibited by the group often attempts to induce fear and while DDoS and defacement attacks can be disruptive, they are often reported to have little or non-lasting impact.

‍