DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HC3: Analyst Note: Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector

Posted on January 31, 2023 by Dissent

Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector

January 30, 2023
TLP:CLEAR
Report: 202301301200

Executive Summary

The hacktivist group ‘KillNet’—has targeted the U.S. healthcare industry in the past and is actively targeting the health and public health sector. The group is known to launch DDoS attacks and operates multiple public channels aimed at recruitment and garnering attention from these attacks.

Report

KillNet is a pro-Russian hacktivist group active since at least January 2022 known for its DDoS campaigns against countries supporting Ukraine, especially NATO countries since the Russia-Ukraine war broke out last year. DDoS is the primary type of cyber-attack employed by the group which can cause thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems. While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days. Although KillNet’s ties to official Russian government organizations such as the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR) are unconfirmed, the group should be considered a threat to government and critical infrastructure organizations including healthcare.

Impact to HPH Sector

KillNet has previously targeted, or threatened to target, organizations in the healthcare and public health (HPH) sector. For example, Killmilk, a senior member of the KillNet group, has threatened the U.S. Congress with the sale of the health and personal data of the American people because of the Ukraine policy of the U.S. Congress. In December 2022, the pro-Russian hacktivist group claimed the compromise of a U.S.-based healthcare organization that supports members of the U.S. military and claimed to possess a large amount of user data from that organization. In May 2022, a 23-year old supposed KillNet member was arrested in connection with attacks on Romanian government websites. In response to the arrest, KillNet reportedly demanded his release and threatened to target life-saving ventilators in British hospitals if their demands were not met. The member also threatened to target the UK Ministry of Health. It is worth taking any claims KillNet makes about its attacks or operations with a grain of salt. Given the group’s tendency to exaggerate, it’s possible some of these announced operations and developments may only be to garner attention, both publicly and across the cybercrime underground.

On January 28, 2023 an the alleged Killnet attack lists for hospitals and medical organizations in several countries was found by users and publically shared.

[The Analyst Note continues further down]

According to information shared online, the following hospitals were targets of attacks by Killnet this week, but have recovered:

  • Duke University Hospital (North Carolina)
  • Stanford Healthcare (California)
  • Cedars-Sinai Hospital (California)
  • The University of Pittsburgh Medical Center (Pennsylvania)
  • Jefferson Health (Pennsylvania)
  • Abrazo Health (Arizona)
  • Atlanticare (New Jersey)
  • Michigan Medicine and its associated Mott Children’s Hospital (Michigan)
  • Huntsville Hospital (Alabama)
  • Anaheim Regional Medical Center (California)
  • Hollywood Presbyterian Medical Center (California)
  • Buena Vista Regional Medical Center (Iowa)
  • Heart of the Rockies Regional Medical Center (Colorado)

According to Information Security Buzz, other hospitals, listed below, were reportedly still experiencing issues as of 12 p.m. Eastern Time today:

  • Buena Vista Regional Medical Center in Storm Lake, Iowa;
  • Anaheim Regional Medical Center (California);
  • Hollywood Presbyterian Medical Center (California);
  • Huntsville Hospital (Alabama); and
  • Heart of the Rockies Regional Medical Center (Salina, Colorado).

Access the full Analyst Note below:

Loading...
Category: Breach IncidentsHackHealth DataOtherU.S.

Post navigation

← Ransomware attack on Appui Santé Nord Finistère locked files and deleted some archives
The U.N. Committee on Human Rights asks Morocco NOT to extradite Raoult →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report