Posted on January 31, 2023 at 12:03 PM

US government warns of DDoS campaigns targeting the US healthcare sector

The United States government and other key authorities have issued an alert over the increased number of distributed denial-of-service (DDoS) attacks conducted by Russian threat actor groups. These attacks targeted the healthcare sector and are attributed to the KillNet hacking group.

Russian hackers launch DDoS campaigns targeting hospitals

The KillNet hacking group is attributed to a string of DDoS attacks targeting the US healthcare sector, including hospitals and other medical institutions. The American Hospital Association alerted its members on Monday of these possible attacks.

The American Hospital Association (AHA) issued the warning citing a previous warning by the Health Sector Cybersecurity Coordination Center at the Department of Health and Human Services.

The national adviser for cybersecurity and risk at the AHA, John Riggi, sent a statement to the Information Security Media Group saying that several hospitals within the United States and the entire healthcare system were being targeted by DDoS attacks launched by Russian threat actors. However, Riggi did not mention the healthcare entities affected by these hacking attacks.

Riggi noted that the number of victims that had fallen victim to these attacks so far remained below ten. However, he reiterated that the Russian threat actor group was actively targeting hospitals and healthcare systems by taking them offline using these campaigns.

“A pro-Russian activist group has specifically targeted US hospitals and health systems for these denial-of-service attacks, which basically means they’re overloading hospital and health systems, public websites causing them to crash, making them unavailable and potentially, in some instances, might even impact the patient portal,” Riggi added.

He further added that law enforcement authorities had already been contacted. He noted that the Federal Bureau of Investigations (FBI) had been alerted about the activities of this threat actor group. The bureau was already offering help to the victims that had so far been affected.

Activity of Russian hacking groups since the Ukraine invasion

KillNet is among the active Russian hactivist groups that have become increasingly active since the invasion of Ukraine earlier last year. The hacking group has pledged its allegiance to Moscow. It has been targeting Western institutions through DDoS campaigns as retaliation for the sanctions imposed against Russia by the US and other Western countries.

The KillNet hacking group particularly became active when Russia suffered a setback in the ongoing war in Ukraine. Recently, Germany sent advanced battle tanks to aid the Ukrainian military, while the United States has pledged to send M1A2 Abrams tanks to the country. These actions could be attributed to the escalating hacking campaigns by KillNet, including the DDoS campaigns targeting the US healthcare sector.

The growing threat of DDoS campaigns targeting hospitals means that these institutions need to pay increased attention to their cybersecurity systems to ensure they can deter attempts for ransomware.

KillNet is not the only hacking group targeting Western countries that have supported Ukraine in the ongoing war. The Conti ransomware group has also been increasingly active. The pro-Russian hactivist group will likely follow in the footsteps of KillNet and launch DDoS campaigns targeting critical institutions.

The KillNet hacking group might still be actively looking for new hospitals to target. The alerts issued by AHA and HC3 mention an alleged list by the hacking group that targets hospitals and medical entities in multiple countries.

The alerts also mention that the Killnet group has publicly threatened to target more organizations within the healthcare and the public healthcare sector. HC3 noted that this hacking group has been using public DoS scripts and IP stresser to conduct its operations.

The statement by HC3 refers to one of the members of the KillNet group known as Killmilk, who has threatened the US Congress of selling US citizens’ health and personal data because of the policies that Congress has taken pertaining to the conflict in Ukraine.

Towards the end of last year, another Russian hactivist group said it had hacked into the US healthcare sector by targeting an organization that caters to US military members. The group noted that it had amassed large volumes of data following the breach.

US authorities have been cracking down on the activities of these hacking groups. In December last year, federal prosecutors filed charges against six individuals and seized numerous domains used by the individuals to offer DDoS-as-a-service. According to authorities, the arrests and the seizures might have crippled the ability of Russian hacktivist groups to launch DDoS campaigns.