As the Russian occupation of Ukraine completes a year, pro-Russian threat group Killnet has posted another list of its targets
The threat group published a post on its leak site noting its targets from Spain and Poland. Several government systems were attacked with a focus on countries supporting Ukraine.
Earlier this month, the ransomware group added the names of 50 healthcare providers in the United States of America for supporting Ukraine.
Poland, Germany and more
The latest list in Russian language follows the intense attacks of pro-Russian threat groups on facilities in Poland.
Several Polish government websites were targeted by Anonymous Russia in a series of DDoS attacks on February 26. The websites included https://www.paih.gov.pl/en, https://pan.pl, https://www.pot.gov.pl/pl, https://www.pism.pl, https://www.pkn.pl, https://www.pcbc.gov.pl, https://rf.gov.pl, http://www.brpd.gov.pl, http://www.sop.gov.pl, https://www.kombatanci.gov.pl/pl, https://www.udt.gov.pl, https://www.uodo.gov.pl, and https://www.uprp.pl.
Similarly, on February 25, Anonymous Russia targeted several other Polish government websites, including https://www.policja.pl, https://www.archiwa.gov.pl, https://www.bbn.gov.pl, https://www.cba.gov.pl, https://www.gios.gov.pl, https://www.wetgiw.gov.pl, http://www.gum.gov.pl, http://www.ncbj.gov.pl, https://www.kowr.gov.pl, https://www.nfz.gov.pl, and https://www.pip.gov.pl.
On February 24, 2023, Killnet conducted a DDoS attack against several Polish government websites, including https://www.polska.pl/, https://www.msz.gov.pl, https://www.mg.gov.pl, https://www.granica.gov.pl, https://www.sejm.gov.pl, https://www.senat.gov.pl, and https://amw.com.pl/pl.
In another attack on February 20, Anonymous Russia targeted several Polish airport websites, including https://plb.pl/en, https://modlinairport.pl, https://www.airport.gdansk.pl, https://www.rzeszowairport.pl/en, https://airport.lubuskie.pl, https://www.airport.lublin.pl/ru, and https://www.krakowairport.pl/en.
Germany interior minister Nancy Faeser on Sunday raised an alarm over the looming threat of cyberattacks by Russian hackers. The minister cautioned that the danger posed by these attacks is significant and could have serious implications for the country’s security and economy.
According to research by Google, Russia increased its cyberattacks on Ukraine by 250% in 2022 in comparison with the attacks in 2020. Moreover, NATO countries witnessed an increase of over 300% in cyberattacks at the hands of pro-Russian cybercriminals.
Killnet and its spawns
Killnet has been generating splinter groups since the Russian invasion of Ukraine began. The latest to raise alarm bells is a group of hacktivists known as Zarya, who are believed to have pro-Russian ties.
The group, previously a special forces unit under Killnet, has reportedly been developing Mirai variants in order to increase the power of the DDoS botnet it uses to carry out attacks against Western targets, reported cybersecurity news firm Radware.
“Initially, the group operated as a special forces unit under the command of Killnet. The group’s objectives and motivations shifted as the conflict in Ukraine evolved.
This led to a breakaway from Killnet, with the group at times going by 0x000000, and a focus on recruiting skilled hackers from other pro-Russian threat groups that were burning out in the spring of 2022,” said the report.
“In May 2022, Zarya rejoined Killnet as part of a larger project called ЛЕГИОН, also known as its translation, ‘Legion.’ During the summer of 2022, the group, Zarya Legion, established itself as a leading force within Legion, setting an example for other groups and eventually becoming an independent entity known as just Zarya in August 2022.”
Zarya’s propaganda website, called Zarya – CyberFront, along with its campaign log and malware, are hosted by Akur Group, a hosting provider known for its support of pro-Russian hacktivist groups.