Summary

Last Update: 2022-06-09 01:05

Description

Killnet is a pro-Russian hacktivist group which started its activities in early 2022 as a DDoS and botnet service.
When the Russian-Ukrainian war broke out, it started attacking airport websites and other types of services via DDoS.
From April 2022 onwards, it started attacking a wider range of critical infrastructure in NATO member countries or in countries that have sided with Ukraine in the war.

Structure

Killnet is a decentralized group, organized in squads. These squads have no geographical links, only ideological (pro-Russian) ones.
Despite having a decentralized structure, the group has a head (Killmilk) who acts as the link between the different squads and maintains the group's core ideal.
It has also been observed that there are some "trustworthy men" or "commanders" who are the contacts in charge of recruitment, press, and other types of coordination.
Each squad works independently and chooses its own victims, although from time to time a "call to arms" is made in which a series of objectives is assigned to each squad. It has not been confirmed whether these are direct orders or just proposals.

Ideology

Killnet supports the pro-Russian cause, but this does not mean that it also supports the Russian government.

Motivation

Hacktivism

Psychology

For Killnet, the image of its ideology is fundamental.
There have been cases where they have chosen press targets because of what they considered an erroneous opinion of the group held by the target.
They insist that they support their people and their country, but that does not mean they are pro-Kremlin, something they have repeatedly emphasized.
They see themselves as "saviors of the Western devil, the new generation that will cleanse Nazism from their lands just as their grandparents did".
They believe their cause is legitimate and proclaim themselves the defenders of the new generations of the Russian people.
They are sensitive to their cause being misunderstood and react in a threatening manner against media outlets that tarnish their image or speak ill of them.
They are not particularly hostile to the population (of the West); instead, they tend to focus on political figures or organizations representative of what they detest.

Threat Level

At present, with the information gathered and an analysis of their methods and track record, there is no reason to be alarmed by Killnet more than other actors.
The risk to a commercial organization outside the Ukrainian conflict is relatively low.
On the other hand, government organizations and other critical infrastructure, such as industry, transportation and communication, will need to remain vigilant.
The only attacks known to date are denial-of-service attacks. So if organizations are well prepared against this type of attack, the risk of falling victim to Killnet is greatly reduced.
On the other hand, although Killnet focuses on denial-of-service attacks, from May onwards attacks on databases were observed, with the databases subsequently exposed publicly on the group's Telegram channels, so it is possible that they are trying to expand their scope as a group.
It should also be mentioned that Killnet has not been observed so far to have the capacity to develop its own tools, although we cannot forget its origins at the beginning of the year as a group pretending to offer denial-of-service services.
Given their decentralized nature and their "call to arms" and other recruitment posts, it would not be surprising if they did not have too many assets and were not very high profile.
They have publicly announced that they are looking to integrate pentesters, programmers, analysts, designers and press into their ranks, and also indicated that they were looking for "senior" profiles.
Killnet has publicly announced that it is carrying out tests on Spanish infrastructure and that an attack is imminent. There is no reason to doubt their statements given their other actions in countries such as Italy. However, Killnet's attack capability today is limited to denial-of-service and database injection attacks. If your organization is well prepared against this type of attack, the risk of falling victim to Killnet is very low.