Posted on October 14, 2022 at 1:45 PM
A Russian hacking group has taken responsibility for several hacking attacks that took dozens of state government websites offline. The affected states include Colorado, Connecticut, Kentucky, and Mississippi.
Russian hackers take state government websites offline
These states were affected by politically motivated hacking attacks. The attacks started on Wednesday, October 6. The hacking group responsible for the attack is known as Killnet, a Russian-speaking organization.
The Killnet hacking group deploys distributed denial-of-service (DDoS) attacks to affect the online traffic of its targets. After hacking these websites, the hackers posted images depicting a mushroom cloud and included political slogans.
Most state government websites that the hackers brought down have resumed normal operations. In Colorado, state government officials said that the state’s website was taken offline following a cyberattack conducted by “an anonymous suspected foreign actor.”
Government officials have also said that the Office of Information Technology and State Emergency Operations Center were actively involved in restoring the state government portal. Although the state's government homepage was taken offline, online services were still available.
The state has also created a temporary site containing links to online services. However, it has not provided a timeframe for restoring the original website. The governor’s office also said that those who still wanted to use online services could do so because the services would still be available.
After the hackers took these websites down, they took to Telegram to post a list of all the state government websites they had taken offline because of the DDoS attack. However, it is not clear whether the group took down all the posted state websites. The list includes other states like Delaware, Alaska, Kansas, Alabama, Florida, Idaho, Hawaii, and Indiana.
Erich Kron, a security awareness advocate at KnowBe4, has said hacking groups wreak havoc while making their work known to the public. While the disruption of services was inconvenient to the users of these sites, the effects were less severe than those of data breaches that involved stealing personal information.
Despite the nature of these hacks, the incidents have lowered public trust in the organizations whose websites were affected. The disruption of these websites increases social anxiety and could change public opinion on the war between Russia and Ukraine. Moreover, political groups could also start questioning whether locals should suffer the effects of a war in a foreign country.
Hackers did not disrupt election infrastructure
The US is preparing for the November midterm elections. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have warned that attacks linked to the elections could cause massive disruptions and prevent voters from exercising their democratic rights.
However, the recent cyberattack does not seem to target voting infrastructure. The Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC) has warned that attacks could target voting platforms.
The Kentucky Board of Elections remained offline during these attacks. However, the Russian hackers did not take responsibility for any attack on an election website. The Killnet hackers have enhanced their attacks against Western governments.
The Killnet hacking group has ramped up attacks since Russia invaded Ukraine, with the hacking group claiming to be behind several attacks targeting government institutions.
Earlier this year, the hacking group took responsibility for shutting down the website of the US Congress. The group also targeted the Baltic state of Lithuania after the country stopped shipments to Kaliningrad. The group has also targeted Lockheed Martin Corporation for supplying the M142 High Mobility Artillery Rocket System (HIMARS).
In April this year, cybersecurity authorities at the Five Eyes Alliance warned about potential attacks on critical infrastructure. The authorities warned that the attacks would be caused by DDoS groups like Killnet, WIZARD Spider, and the CoomingProject.
The CEO and co-founder of Cyber Security Works, Aaron Sandeen, has said that these attacks revealed a gap that could be potentially exploited. Hackers were evolving and tapping into new technologies and techniques. Therefore, organizations must be vigilant and proactive to ensure their websites are secure.
The Killnet hacking group was initially launched with financial groups. However, the group later evolved into a politically-motivated group, and it started targeting countries that objected to Russia’s military activities.
The Killnet hacking group mainly conducts cybersecurity attacks to support the efforts of the Russian government. However, there is no proof that the group is closely associated with the Kremlin.