Posted on February 19, 2023 at 6:53 AM
Russian hacktivist group KillNet targets several NATO websites
Russian hacktivists have been actively targeting Western countries. The Killnet hacking group has been the most active. It has gone beyond targeting healthcare institutions in the United States to targeting some sites of the North Atlantic Treaty Organization (NATO).
Russian hacktivists target NATO websites
The Killnet hacking group has been linked to distributed denial-of-service (DDoS) attacks. The hacking group targeted some NATO sites shortly after revealing that it would target them. The group used an encrypted Telegram channel, saying it planned to launch attacks targeting NATO.
The hacking group also appeared to request cryptocurrency donations from individuals and organizations supporting Russia. According to the group, these donations would go towards launching other attacks.
NATO has said that it is taking the necessary measures to mitigate the effects of this attack. The secretary general of NATO, Jens Stolberg, commented on this development saying that the institution was taking the necessary protective measures in response to this DDoS campaign.
The NATO executive has also said that NATO uses classified networks that were not affected during the breach. According to Stolberg, these classified networks support communications within the command structure and are used during active missions.
Stolberg has also said that most of the NATO websites were working normally, adding that the technical teams at the organization were working to ensure full access to the websites that were affected during the attack.
Despite Stolberg’s assurance that the classified networks of NATI were not affected and that the effects of the attack were minimal, other reports suggest otherwise. NATO has reported that the communication between the organization and the Strategic Airlift Capability (SAC) was affected during the breach.
The SAC has played an instrumental role in helping Turkey during the earthquake crisis. A magnitude 7.8 earthquake hit Turkey and Syria on February 6, and the country is still dealing with the aftershocks of this earthquake. An aircraft was being used to fly the search and rescue teams and their equipment to an airbase in Turkey.
However, the ability of the SAC to communicate with this aircraft was affected due to the DDoS attack launched by the Killnet hacking group. However, the SAC did not lose complete contact with the plane.
Russian hacktivists launch a series of attacks
As aforementioned, hacking groups supporting Russia in the ongoing war with Ukraine have been actively targeting other countries. Hacktivists launch attacks because of their political views and not to make profits. These hackers use cyber attackers to promote their ideology and to make their political stance known.
In some cases, these hacktivists might steal sensitive information about their political rivals to post it online. Moreover, they can also use this information to obtain monetary benefits.
Recently, a series of DDoS campaigns were targeted against US hospitals. The Killnet hacking group took responsibility for these attacks saying that it managed to exfiltrate sensitive information from several US hospitals. The US Department of Health & Human Services (HSS) confirmed the breach and issued an alert.
A report released on January 28 said that the group posted health and personal data that belonged to global healthcare organizations. The data was posted in the “KillNet list” that the group uses to publish the data that has been stolen from victims.
However, hactivist campaigns are not exclusive to Russian threat actor groups. Towards the end of June last year, one of the largest steel manufacturing companies in Iran, Khouzestan Steel Company, was targeted by a hacktivist group known as Gonjeshke Darande or the Predatory Sparrow.
The steel company was forced to shut down the plant because of technical issues that arose because of the attack. The website of the company was also down. The hacking group posted a social media video saying it had also launched attacks against other steel companies in Iran, such as Hormozgan Steel Company and Mobarakeh Steel Company.
According to the hacking group, the attack against the steel company was prompted by the company’s continued operations despite the sanctions imposed by the Iranian government. In January last year, several Iranian companies operating in the steel industry were targeted by sanctions. The sanctions were imposed by the US Treasury Department amid allegations that these companies were using their revenues to fund the Iranian regime and supporting it in its nefarious activities.