Date: 2023-02-03

A pro-Russian hacktivist group's low-level distributed denial-of-service attacks on U.S. critical infrastructure could be a precursor to more serious cyberattacks, health care and security officials warned this week.

Driving the news: Killnet, a politically motivated Russian hacking group, briefly overloaded and took down the websites of some U.S. health care organizations on Monday.

The DDoS attacks came after Killnet threatened a long list of Western health care organizations last weekend in retaliation for continued NATO support of Ukraine.

The American Hospital Association said in a statement Tuesday that while "some of the named entities were in fact targeted," the "impact appears to have been minimal and temporary."

The big picture: Killnet's threats and low-level DDoS attacks have typically been seen as more of a nuisance than an actual threat to U.S. infrastructure.

But increasingly, organizations and security experts are warning that Killnet's members have more capabilities than their less-skilled attacks let on.

What they're saying: "What you see now is distributed denial of service," Mike Hamilton, a hospital security adviser and chief information security officer at Critical Insight, told Axios.

"What's coming after this could be a lot worse," he added.

Catch up quick: Killnet took down the websites of several major U.S. airports and a handful of state government websites in October.

The intrigue: Russia is filled with capable, patriotic hackers who could join Killnet and steer the group to pursue more destructive attacks like malware wipers or ransomware, Hamilton said.

Details: The Health Sector Cybersecurity Coordination Center also warned about more advanced hackers joining Killnet in an alert this week.

"This likely will result in entities Killnet targeted also being hit with ransomware or DDoS attacks as a means of extortion, a tactic several ransomware groups have used," the alert said.

Yes, but: Killnet has struggled to pivot away from less impactful DDoS attacks, and there's no guarantee the group will pursue more sophisticated attacks.

Be smart: Hospitals and other critical infrastructure should cut off as much internal access as possible to personal websites, including social media and email, to mitigate phishing threats that act as a gateway for more serious incidents, such as ransomware and malware wipers, Hamilton said.

