DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HC3: Analyst Note: Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector

Posted on January 3, 2023 by Dissent

December 22, 2022
TLP:CLEAR
Report: 202212221500

Executive Summary

HC3 is closely tracking hacktivist groups which have previously affected a wide range of countries and industries, including the United States Healthcare and Public Health (HPH) sector. One of these hacktivist groups—dubbed ‘KillNet’—recently targeted a U.S. organization in the healthcare industry. The group is known to launch DDoS attacks primarily targeting European countries perceived to be hostile to Russia, and operates multiple public channels aimed at recruitment and garnering attention from these attacks.

Report

KillNet is a pro-Russian hacktivist group, active since at least January 2022, and known for its DDoS campaigns against countries supporting Ukraine; especially NATO countries, since the Russia-Ukraine war broke out last year. DDoS is the primary type of cyber-attack employed by the group, which can cause thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems. While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days. Although KillNet’s ties  to official Russian government organizations, such as the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR), are unconfirmed, the group should be considered a threat to government and critical infrastructure organizations, including healthcare.

Impact to HPH Sector KillNet has previously targeted, or threatened to target, organizations in the Healthcare and Public Health (HPH) sector. For example, Killmilk, a senior member of the KillNet group, has threatened the U.S. Congress with the sale of the health and personal data of the American people because of the Ukraine policy of the U.S. Congress. In December 2022, the pro-Russian hacktivist group claimed the compromise of a U.S.-based healthcare organization that supports members of the U.S. military and claimed to possess xxxxxxa large amount of user data from that organization. In May 2022, a 23-year old supposed KillNet member was arrested in connection with attacks on Romanian government websites. In response to the arrest, KillNet reportedly demanded his release and threatened to target life-saving ventilators in British hospitals if their demands were not met. The member also threatened to target the UK Ministry of Health. It is worth taking any claims KillNet makes about its attacks or operations with a grain of salt. Given the group’s tendency to exaggerate, it is possible some of these announced operations and developments may only be to garner attention, both publicly and across the cybercrime underground.

Read more at https://www.hhs.gov/sites/default/files/killnet-analyst-note-tlpclear.pdf

Category: Breach IncidentsCommentaries and AnalysesHackHealth DataOf NoteU.S.

Post navigation

← Just snarky or dangerous? Ransomware gang cloned victim’s website to leak stolen data
Swansea Public Schools cancel classes Wednesday after ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.