Posted on November 30, 2022 at 11:19 AM
The US Treasury Department has thwarted a distributed denial of service (DDoS) attack. This attack has been linked to Killnet, a hacking group based in Russia. The hacking group has been launching multiple attacks against critical institutions and infrastructure in the US.
US Treasury thwarts a DDoS attack linked to Russian Killnet group
The Killnet group is the same one blamed for an attack that took a dozen airport websites in the US offline on October 10. That incident was also a DDoS attack, which flooded these websites with traffic.
This DDoS attack did not affect air travel. Moreover, there was no disruption to the operations of the airports. A day after the airport attacks, the group also targeted one of the largest financial institutions on Wall Street, JPMorgan Chase. Still, the bot army did not cause any damage to the institution’s operations.
Reuters first reported the large-scale DDoS attack that targeted the US Treasury. The Killnet hacking group did not cause operational harm to the government agency. The DDoS attack happened a few days before the Killnet group targeted JPMorgan Chase.
The attack in question was reported earlier this month. The cybersecurity counselor to the Deputy Treasury Secretary Wally Adeyemo, Todd Conklin, said the incident was a “pretty low-level DDoS activity targeting Treasury’s critical infrastructure nodes.”
Conklin also added that the US Treasury shared the internet protocol (IP) address used in this attack with financial services. This aligns with the new procedures to mitigate such attacks as required under the Biden administration.
“It confirmed that we’re on the right track with how we’re trying to actually share tactical information with the sector in real time with the mind that we are interconnected and face the same threat actors,” Conklin added.
Some of these changes also came into effect after Adeyemo and Treasury Secretary Janet Yellen took up their respective roles. According to Adeyemo, this incident proved that the US Treasury and other institutions offering financial services faced similar threats.
The DDoS attack thwarted by the US Treasury also comes after the institution published its recent Financial Trend Analysis report focusing on ransomware. The report found that US banks paid out around $1.2 billion in 2021 to people and groups extorting them using cyberattacks.
The Treasury findings also added that ransomware attacks continued to pose a major threat to critical infrastructure in the US. These attacks also affected businesses and the public. Moreover, the majority of these ransomware attacks seemed to originate in Russia.
The report further notes that the total number of ransomware attacks and the monetary value paid to these attackers, as reported in the Bank Secrecy Act filings in 2021, was significantly higher than what had been reported during the previous years.
The Financial Crimes Enforcement Network reported 1,489 ransomware filings in 2021 valued at around $1.2 billion, representing an increase of more than 188%. This was significantly higher than the $416 million reported in 2020.
Russian Killnet hacking group
The Killnet threat actor group is relatively new. The group is also “relatively unsophisticated.” It normally operates on a “hack-for-hire” model. Security researchers note that the hacking group usually targets institutions using DDoS attacks. However, the attacks are usually not major, and they do not cause significant damage to the targeted institution.
Nevertheless, the group has been active since the invasion of Ukraine earlier this year. Its operations have now taken a turn towards patriotism, and the group now conducts pro-Russian operations.
While the group’s DDoS attacks do not cause any significant harm to the targeted institutions, they are still considered a threat to critical infrastructure. The group usually targets institutions that provide critical services, as seen in the latest attacks on the US Treasury and airports.
In October, the Killnet hacking group said it was responsible for attacks on the websites of US state governments, including Colorado, Mississippi, and Kentucky. The group said it took down these websites because of the US’s continued support for Ukraine since Russia invaded the country in February this year.
The group’s hacking attacks are not exclusive to the United States. It has also conducted similar cyberattacks in other countries, such as Japan, Lithuania, and Romania. However, in most cases, the attacks launched by this group have little to no impact.