Feb 3, 2023 - Technology

Pro-Russian hacktivist group is only getting started, experts warn

A pro-Russian hacktivist group's low-level distributed denial-of-service attacks on U.S. critical infrastructure could be a precursor to more serious cyberattacks, health care and security officials warned this week.

Driving the news: Killnet, a politically motivated Russian hacking group, briefly overloaded and took down the websites of some U.S. health care organizations on Monday.

  • The DDoS attacks came after Killnet threatened a long list of Western health care organizations last weekend in retaliation for continued NATO support of Ukraine.
  • The American Hospital Association said in a statement Tuesday that while "some of the named entities were in fact targeted," the "impact appears to have been minimal and temporary."

The big picture: Killnet's threats and low-level DDoS attacks have typically been seen as more of a nuisance than an actual threat to U.S. infrastructure.

  • But increasingly, organizations and security experts are warning that Killnet's members have more capabilities than their less-skilled attacks let on.

What they're saying: "What you see now is distributed denial of service," Mike Hamilton, a hospital security adviser and chief information security officer at Critical Insight, told Axios.

  • "What's coming after this could be a lot worse," he added.

Catch up quick: Killnet took down the websites of several major U.S. airports and a handful of state government websites in October.

The intrigue: Russia is filled with capable, patriotic hackers who could join Killnet and steer the group to pursue more destructive attacks like malware wipers or ransomware, Hamilton said.

Details: The Health Sector Cybersecurity Coordination Center also warned about more advanced hackers joining Killnet in an alert this week.

  • "This likely will result in entities Killnet targeted also being hit with ransomware or DDoS attacks as a means of extortion, a tactic several ransomware groups have used," the alert said.

Yes, but: Killnet has struggled to pivot away from less impactful DDoS attacks, and there's no guarantee the group will pursue more sophisticated attacks.

Be smart: Hospitals and other critical infrastructure should cut off as much internal access as possible to personal websites, including social media and email, to mitigate phishing threats that act as a gateway for more serious incidents, such as ransomware and malware wipers, Hamilton said.
