Pro-Russian Hacktivist Group KillNet Poses Threat to US Healthcare Cybersecurity

HC3 warned the sector of a pro-Russian hacktivist group called KillNet, which could endanger healthcare cybersecurity.

The Health Sector Cybersecurity Coordination Center (HC3) issued an analyst note about KillNet, a pro-Russian hacktivist group that is known to be a threat to the US healthcare sector. The group has been active since at least January 2022 and is known for executing distributed denial of service (DDoS) attacks against countries supporting Ukraine.

“While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days,” the analyst note stated.

“Although KillNet’s ties to official Russian government organizations, such as the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR), are unconfirmed, the group should be considered a threat to government and critical infrastructure organizations, including healthcare.”

A senior member of KillNet threatened the US Congress “with the sale of the health and personal data of the American people because of the Ukraine policy of the U.S. Congress,” HC3 noted.

The group has also threatened to target life-saving ventilators in British hospitals and the UK Ministry of Health in the past.

However, HC3 emphasized that “[i]t is worth taking any claims KillNet makes about its attacks or operations with a grain of salt.”

“Given the group’s tendency to exaggerate, it is possible some of these announced operations and developments may only be to garner attention, both publicly and across the cybercrime underground,” the analyst note continued.

Even so, organizations should take practical steps to mitigate the risk of a DDoS attack. Specifically, healthcare organizations may want to consider enabling web application firewalls to mitigate application-level attacks and implementing a multi-content delivery network (CDN) solution to balance web traffic across the network, the analyst note stated.

Thankfully, in December 2022, the US Department of Justice (DOJ) announced that it had seized 48 internet domains associated with leading DDoS-for-hire services. In addition, the DOJ brought criminal charges against six defendants who allegedly oversaw computer attack platforms.

“Despite this success, it remains unknown if (and how) this law enforcement action might impact KillNet, which turned its DDoS-for-hire service into a hacktivist operation earlier this year,” HC3 noted.

“Furthermore, it is likely that pro-Russian ransomware groups or operators, such as those from the defunct Conti group, will heed KillNet’s call and provide support. This likely will result in entities KillNet targeted also being hit with ransomware or DDoS attacks as a means of extortion, a tactic several ransomware groups have used.”
