{"id":95516,"date":"2023-07-20T06:56:00","date_gmt":"2023-07-20T06:56:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=95516"},"modified":"2023-07-20T06:56:00","modified_gmt":"2023-07-20T06:56:00","slug":"attention-seeking-killnet-hacktivists-becoming-more-dangerous","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=95516","title":{"rendered":"Attention-seeking KillNet hacktivists becoming more dangerous"},"content":{"rendered":"
<\/div>\n

The Russia-aligned KillNet hacktivist group<\/a>, which has been behind a string of distributed denial of service (DDoS) attacks<\/a> on Western targets since the outbreak of the Ukraine war, continues to steadily ramp up its capabilities and is likely using newly created or absorbed affiliate groupings to conduct more impactful attacks, but its primary goal likely remains attention-seeking.<\/p>\n

This is according to analysis of the group conducted by threat researchers at Google Cloud-backed Mandiant<\/a>, who said that until recently the KillNet group\u2019s attacks had generated \u201conly shallow impacts lasting short periods of time\u201d.<\/p>\n

However, the emergence of new, associated groups \u2013 most notably Anonymous Sudan, which is neither anonymous nor Sudanese \u2013 is causing more organisations to sit up and take notice, said Mandiant.<\/p>\n

\u201cThe self-proclaimed hacktivist group Anonymous Sudan appears to have increased KillNet\u2019s capabilities and the group has become the collective\u2019s most prolific affiliate in 2023, conducting a majority of claimed DDoS attacks. Anonymous Sudan has caused significant disruptions at a level not observed by KillNet affiliates previously,\u201d the research team wrote.<\/p>\n

By Mandiant\u2019s reckoning, Anonymous Sudan has committed about 63% of the DDoS attacks attributed to the collective this year, followed by UserSec (14%) and KillNet itself (10%).<\/p>\n

Most notably, Anonymous Sudan \u2013 also tracked as Storm-1359 \u2013 was responsible for an extremely successful DDoS attack against Microsoft<\/a>, which caused service disruptions for users of its Azure, OneDrive and Outlook products at the start of June.<\/p>\n

UserSec, meanwhile, was this week held to be behind an incident that saw the websites of Birmingham and London City airports disrupted for a short time<\/a>.<\/p>\n

The KillNet collective has also claimed to have brought on board operatives associated with the REvil ransomware group and posited links with Conti.<\/p>\n

Mandiant said the group\u2019s overarching structure, leadership and capabilities were clearly undergoing substantial shifts and seem to be progressing towards a model that includes these newer and higher-profile cyber crime \u201cbrands\u201d that act to draw global attention in addition to that drawn by KillNet itself.<\/p>\n

According to John Hultquist, chief analyst at Mandiant Intelligence, attention-seeking is, to some extent, the collective\u2019s main goal.<\/p>\n

\u201cPro-Russian hacktivists are really attempting to hack our attention by hitting flashy targets and taking on a number of identities,\u201d Hultquist told Computer Weekly. \u201cThey may succeed in carrying out a serious incident, but we have to remember that immediate effects aren\u2019t nearly as important to them as undermining our sense of security.\u201d<\/p>\n

\n

<\/i>Consistent targeting but no proof of Kremlin links<\/h3>\n

Mandiant said that while KillNet maintained consistent targeting that was in line with Russian geopolitical objectives, it had not been able to obtain any evidence that directly confirms the group is collaborating with, or being tasked by, the Russian intelligence and security services, although Anonymous Sudan\u2019s hit on Microsoft may indicate an increase in outside investment, which may suggest firmer ties than previously thought.<\/p>\n

\u201cWe anticipate that KillNet and its affiliates will continue DDoS attacks and become more brazen in their targeting of organisations,\u201d said the research team.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

The Russia-aligned KillNet hacktivist group, which has been behind a string of distributed denial of service (DDoS) attacks on Western targets since the outbreak of the Ukraine war, continues to steadily ramp up its capabilities and is likely using newly created or absorbed affiliate groupings to conduct more impactful attacks, but its primary goal likely […]<\/p>\n","protected":false},"author":1,"featured_media":95517,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-95516","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95516"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95516\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/95517"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}