UPDATED 20:51 EST / OCTOBER 06 2022

SECURITY

Russian hackers take down state websites in politically motivated attack

Hackers with ties to the Russian government have claimed credit for taking down websites in three U.S. states for politically motivated purposes.

Killnet, which first emerged in January, claims to have taken down sites belonging to the states of Colorado, Kentucky and Mississippi. The web portals for all three were functioning again as of the time of writing, but Colorado’s official state web portal was reported today to be showing a message that read “homepage is currently offline” earlier in the day.

Killnet has been behind several high-profile attacks since Russia invaded Ukraine in February. In June, Killnet claimed responsibility for a distributed denial-of-service attack targeting government and private organizations in Lithuania after the country restricted the transit of steel and ferrous metals to Kaliningrad, a Russian exclave on the Baltic Sea.

The group claimed at the time that its DDoS attack would continue until Lithuania lifts the blockade, with the spokesperson saying at it had “demolished 1,652 web resources so far.” The figure was not backed up by evidence that suggested the attack was smaller in scale than claimed.

Killnet also claimed to have attacked and taken offline websites run by U.S. aerospace manufacturer Lockheed Martin Corp. in August. The group claimed that the motivation for the attack was Lockheed providing the M142 High Mobility Artillery Rocket System to Ukrainian armed forces.

Evidence of links between Killnet and the Russian government were detailed in a report by Google LLC’s Mandiant subsidiary in September. The report claimed that along with the DDoS on Lithuania, Killnet had also launched attacks against organizations in Japan, Italy, Norway and Estonia.

Killnet’s specific targeting of the board of election’s website in Kentucky has also caused some media outlets to claim attempted Russian election interference. CNN reported Wednesday that the attack is an example of digital disruption or distraction that U.S. officials are preparing for ahead of the November midterm elections but then quotes an expert saying that the Killnet attack did not specifically target election infrastructure.

“The [hacking] campaign does not appear to specifically target U.S. elections infrastructure, though election-related websites can be indirectly or directly impacted through the broader operation,” the Elections Infrastructure Information Sharing & Analysis Center, a nonprofit-backed threat-sharing center, told CNN.

Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE that “hacktivists,” such as those that appear to be behind the attack, can now reach further and make bigger statements that are more publicly visible now.

“In the case of these state government websites, the disruption of service, while inconvenient, is far less of a problem than a data breach involving the theft of personally identifiable information,” Kron added. “Whether it’s the defacement of websites, or taking them offline with attacks such as DDoS attacks, it does erode public trust in the organizations that these websites represent.”

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.