Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime

Pro-Russian Killnet Group in DDoS Attacks on Czech Entities

Group Also Claims to Have Targeted the US, Poland, Germany and UK
Pro-Russian Killnet Group in DDoS Attacks on Czech Entities
Killnet is targeting those it sees as adversaries of Russia. (Source: Killnet Telegram account)

Pro-Russia threat group Killnet has attacked several entities in recent days. It targets victims that it believes are adversaries of Russia in the Russia-Ukraine war. This specifically includes NATO and its allied members. According to a post viewed by Information Security Media Group in the group's Telegram channel, Killnet, the group says that it does not wish to harm the people of other countries and it does not provide any hacking services to others. It says "the task of killnet is to create maximum damage to the network info structure of enemy countries."

See Also: The State of Organizations' Security Posture as of Q1 2018

In the latest development in this campaign, several critical infrastructure entities in the Czech Republic were successfully targeted. In a press conference, the interior minister of the Czech Republic, Vít Rakušan, did not name the threat actor, but he attributed the attacks to Russian hackers. Rakušan also said no information or private citizen data was stolen in the attacks.

Attacks on Czech Critical Services

According to the Czech National Cyber and Information Security Agency - NÚKIB or NCISA - some Czech websites have been under severe DDoS attacks by hackers since the beginning of the week. These include Czech railways, the Karlovy Vary and Pardubice airports, and the public administration portal, which was not operational for several days.

And the NCISA official website was targeted with a DDoS attack on Thursday, which made the website unreachable from outside the country, the NCISA says in a tweet.

Czech Railways

The Czech railways - or České dráhy - posted a similar notice on Twitter, stating that a cyberattack was detected on their website and sales channels and had affected their online operations and possibly made some of the railway applications unavailable.

Local Czech media agency iDNES.cz cites Lukáš Kubát, a spokesperson for the railways, who says, "It [the railways] has been solving the problem with outages of the 'My Train' mobile application since Tuesday. Buying tickets online did not work and there were also problems finding connections."

Czech Airports

At the press conference addressed by Rakušan, the interior minister said two airports in the country - the Karlovy Vary and Pardubice airports - had also faced DDoS attacks.

Neither of the two airport authorities immediately responded to ISMG's request for comment on the incident. But in a clarification given to the local media agency, a spokesperson for Karlovy Vary Airport says an attack was recorded on Wednesday night. "This is a DDoS attack, which means that a large number of queries are trying to disable [our] server. However, our website is normally accessible from the Czech Republic. We are dealing with the attack with our IT technician," says Alice Undus, CEO of Karlovy Vary Airport. According to her, the attack on the airport's website does not affect traffic safety.

Pardubice Airport was also targeted on Wednesday. "It caused a failure of the entire web system and our website does not work," the local media agency cited an airport spokesperson as saying. "The operation of the airport should not be affected by the attack, but East Bohemian Airport will have everything checked by the company that provides the computer system," the spokesperson added.

Killnet Claims Responsibility

None of the Czech government authorities or international partners publicly attributed the DDoS attacks to a particular threat actor apart from Rakušan, who simply said the attacks were coming from Russia.

Based on this lead, ISMG observed the chatter on various social media forums and Telegram channels, which led to the discovery of a recently formed Telegram channel "KILLNET" - created on Jan. 24.

The Killnet group is known to support Russia, based on a video published by the group on Twitter, addressing the people of Russia and telling them to never doubt their country. Little is known about the group, but a joint cybersecurity alert published by CISA on Wednesday says that Killnet is an emerging threat actor and should be watched.

CISA says that the group has claimed credit for carrying out a DDoS attack against a U.S. airport, [Bradley International Airport,] in late March 2022, in response to U.S. material support for Ukraine.

The Killnet group in its Telegram channel has not only claimed responsibility for all the attacks mentioned earlier in this article that are known to be targeted at the Czech Republic but also claimed additional victims, including the defense department a commercial bank, a cellular provider, a hosting company, and two additional airports in Czech Republic - the Brno-Turany and Ostrava airports.

Killnet claims the above victims in the Czech Republic (Source: Telegram)

In its latest post, the group also claimed responsibility for the DDoS attack on the Prague international airport. The additional claims could not be verified by ISMG as no official responses have been received from the claimed victims at the time of writing.

Not Just Czech Republic, But All of NATO

Killnet, as was thought earlier, is not just targeting the Czech Republic in this ongoing campaign, but all the NATO and associated nations that are supporting Ukraine in some way, be it accepting refugees or providing military assistance.

Poland is known to be providing Ukraine's military with ammunition to fight the war. Citing this as treason against the Russian Federation, the Killnet group claims to have targeted eight Polish airports to stop their operations and the subsequent transfer of weapons.

Killnet claims it conducted cyberattacks on eight Polish airports. (Source: Telegram)

The group has also claimed attacks on several elements of critical infrastructure in Germany, Poland, the U.K. and, most recently, Estonia. To date, however, none of these claims have been verified by any of these countries or the respective claimed victims.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.