FANNY TAN 

Source Link

First noticed by western cybersecurity firms early in 2022, Killnet has been considered the most active of the pro-Russian hacktivist groups since the start of the war in Ukraine (February 2022). The group can pat itself on the back for achieving at least a part of its original mission: to create and combine a range of pro-Russian hacktivist groups to multiply its firepower. In particular, the integration of Anonymous Sudan, another group with apparently similar objectives, has enabled the collective to boost its capacities considerably in recent months.

Identified by the “Five Eyes” alliance (Australia, New Zealand, the United Kingdom, Canada and the USA) as a threat to critical infrastructure, Killnet is nevertheless still perceived by researchers as a rather unsophisticated group, whose cyberattacks — which mostly target critical infrastructure, the media, and government websites of NATO countries and their allies — have consequences that fall well short of the mark. The group is often accused of a tendency to exaggerate its exploits, and even claim responsibility for attacks that never happened.

It was Killnet’s recent announcements on Telegram that got the media-attention-loving hacktivists collective into the international headlines. In mid-March 2023, Killmilk, the group’s self-proclaimed leader, announced the group’s rebranding: Killnet was to become “Black Skills”, a cyber mercenary business inspired by the Wagner Group of mercenaries. Experts believe that this reorganisation — which as yet exists only in name — is designed to attract Western media attention, as well as bringing more credibility to the group.

However, London-based private intelligence firm Grey Dynamics believes it could be an attempt to attract more support and attention from the Russian government, in order to pave the way for more elaborate operations.

At the start of 2023 Killnet also unveiled the launch of its Dark School, a cybercrime school that aims to train the next cohort and swell the ranks of the collective. Their lessons are offered in English, Russian, Spanish and Hindi, and cover subjects such as DDoS attacks, the creation and promotion of disinformation for profit, social engineering, OSINT, the psychology of cyber warfare, and cyber spying.

Despite the media attention sparked by these announcements, cybersecurity researchers are questioning whether the pro-Russian collective is making any real progress towards its objectives, pointing to Killnet’s hurried sale, in February 2023, of the Infinity forum, a platform for hacktivists and cybercriminals.

Even though Killnet’s course of action aligns with Russia’s geopolitical interests, researchers have been unable to establish a direct link between the group and the Russian authorities. And yet, the Mandiant consultancy, which in July 2023 published a report devoted to the latest changes in the group, emphasises that Killnet absolutely could be a “false flag” operation by the Russian government, with the objective of disguising its digital attacks under the cover of a grass-roots movement.

Whatever the case, it seems evident that Killnet is trying to raise its profile with the public and attract potential sources of funding to propel its activities forward. Its insistence on being identified as a cyber mercenary group can also be interpreted as opportunism, given the popularity of private military companies in Russia. And on top of this, it gets the chance to surf the recent media wave enjoyed by participants in this growing phenomenon.

Despite the boost to Killnet’s capacities through its affiliation with Anonymous Sudan, Mandiant asserts that the group’s modus operandi and chosen victims remain pretty much the same. Cautiously, the American firm predicts that even if Killnet does not evolve into a supplier of cyber warfare services, there is a risk that in the future, it and its affiliates will “continue their DDoS attacks and become bolder in their targeting of organisations“.