As a result of Killnet and Killmilk's leadership over the past several months, ragtag hacker groups from Russia have been consolidated under their leadership. This has formed one group called Killnet. Even though Killnet has made a concerted effort to position itself as a powerful arm of the Russian government, and even a potential mercenary cyber army, its attempts have largely failed, as it has outshined many of its competitors. Experts disagree with either of those claims, and Killnet does not meet its hype, regardless of whether the claims are correct or inaccurate.
KILLNET is a well-known pro-Russian hacktivist group that has been operating actively since the conflict between Russia and Ukraine broke out over a year ago. Since February 2022, the group has been active in the field of Distributed Denial of Service (DDoS), and since then has been engaged in DDoS attacks. A semi-formal organizational structure has also been established within this group of activists.
This group has a substantial presence on Telegram, a messaging app widely used by its members. KILLNET has a well-developed organizational structure for command and control. With different levels of superiority, command lines, and tasking systems, the company demonstrates a strong command and control mechanism.
This group consists of a few subgroups that allegedly are involved in multiple terrorist attacks against NATO countries and other anti-Russian states. While it is uncertain whether or not they are technically proficient and sophisticated, they remain considered a threat despite the uncertainties.
The growth has been attributed to the continual addition of new sub-groups and specialists, as well as the shift in motivation from hacktivism towards making money from hacker companies, which has been a successful strategy in recent years.
There are several cybercriminals and cyberattack threat groups in Russia who, under relative protection from Western law enforcement, are facing something common to all capitalist economies - the market for cyberattack threat groups has become saturated, meaning consolidation is imminent in the country. Killnet has chosen to engage in a media feud to reclaim its position as the strongest hacktivist organization in Russian history.
Russia and Killnet May Not be in a Mutually Beneficial Relationship
Security vendor Mandiant believes Killnet may have some connection to the Russian government, though that connection remains uncertain at the moment. Killnet does not fit into the military program due to its activities. These activities are closely linked to known Kremlin-controlled hacking operations that are mostly kept quiet and work on disinformation and disinformation campaigns. The Killnet operations of Mandiant have been generating headlines recently due to their success.
KillMilk, credited with creating the KILLNET, announced recently that they were forging a team of darknet operators and special forces agents with financial motives. This team was carrying out destructive activities on the darknet. The business they ran spanned the full spectrum from offering services to hackers as well as competing businessmen, all the way through to taking orders from private parties and state authorities. Additionally, they were tasked with defending the interests of the Russian Federation.
A detailed analysis of KILLNET, its subgroups, its capabilities, and recent developments in the group's motives is included in this report.
According to Mike Parkin, with Vulcan Cyber, Killnet has positioned itself as a group committed to furthering Kremlin interests following the Russian invasion of Ukraine in 2014. Its messaging has been highly pro-Kremlin, indicating that it may be courting Kremlin support.
In the case that they are not working for the Russian government already, it would seem safe to assume that Killnet will be working for them if they aren't already. Even if [Killent] does not receive any payment, the ability to operate without being confronted by state law enforcement agencies is a major benefit. Many countries, along with Russia, have already become comfortable with the idea of cybercriminals operating.
It has been decided that Killnet has decided to build a big brand and media profile to compete in a competitive cybercriminal sector without direct support from Russia. By presenting this to other hackers, they can get them to work for them. There are not many cyber threats that Killnet has effectively handled so far.
It has been reported that Killnet may have targeted several healthcare facilities in the US, including Stanford Health, Michigan Medicine, Duke Health, and Cedars-Sinai. However, these cyberattacks have not disrupted any of these institutions' networks.
Additionally, there have been other reports of DDoS attacks which are Killnet's primary method of attacking infrastructure within the US as well as internationally. In addition to airports, there are defense contractors who provide services to the government and even the White House.
Brand building at Killnet
As of March, Killnet is launching Black Skills, a cyber-army-for-hire modeled after the Wagner Group, a mercenary army commissioned by Russia when it invaded Ukraine until a revolt broke out among its soldiers and their Kremlin-connected commander Yevgeni Prigozhin in June.
Even though Killnet claims that it was not involved in the Wagner Group revolt in June, it has praised Prigozhin while simultaneously accusing the Wagner Group revolt of being instigated by enemies of Prigozhin. There is no evidence to suggest Killnet is capable of setting up a private military company (PMC) that can compete with the United States military. Experts tell Dark Reading this is not true.
In addition to frequently announcing developments regarding its structure and future operations, Killnet has also announced that it will become a private defense hacker company shortly," Mandiant stated.
In addition, there have been several instances of petty drama as well. The head of Anonymous Russia was outed as a CIA rat by Killnet's Killmilk in April, where Killmilk called him a leader of the rival hacktivist group. The threat actor who he appointed as his leader is Radis, another threat actor. It seems that Killnet's recent move has had little effect on killing their influence among Russian hackers as well.
Furthermore, the group has also spoken about the possibility of launching cyberattacks on Western SWIFT banks in conjunction with the ransomware groups REvilL and Anonymous Sudan. This has not yet happened.
Despite this, Killnet has built a strong brand name. There are rap songs dedicated to Killnet's antics, and jewelry bearing their moniker can be seen in Moscow's most fashionable clothing stores. The group has become a legend in Russia.
A new version of Killnet's promotional video was released recently, teasing the short film about the group that's on its way. A video of the incident is reported to include sledgehammers smashing and tough-talking, according to the video.
Parkin believes that Killnet was making headway in terms of gaining the support of other groups to join the network. As a result, he does not believe that this threat group will be able to emerge as a unique Russian power player in the cybercrime industry. It is unlikely that these groups will ever obtain a majority in their respective groups. This is even though they consolidate other groups under their banner.
