WP Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy | Imperva

Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy

Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy

In April 2022 it was reported that pro-Russian hacktivist group, KILLNET, carried out a series of Distributed Denial of Service (DDoS) attacks against a number of websites including the United Nations (UN), The Organization for Security and Cooperation (OSCE) an organization founded in Finland, and other European sites in Czechia, Estonia, Latvia, Lithuania, German, Poland, Romania and the UK. According to the findings by The European Union Agency for Cybersecurity (ENISA), while there are no reports of the attacks having had a major impact on the targeted organizations, this indicates an active increase of targets outside Ukraine.


KILLNET is a pro-Russian/anti-NATO threat actor group carrying out DDoS attacks against countries actively assisting Ukraine in its war against Russia. The group emerged as a pro-Russian hacker group in January initially starting as a “DDoS as a Service” group for users to rent botnets to carry out attacks. Following the invasion of Ukraine the group shifted their focus to more hacktivist-style activity in support of Russia. As the group appears to have potentially significant support, it is likely that similar attacks will continue.

KILLNET Timeline

  • 23 January 2022 – KILLNET emerged as a pro-Russian hacker group.
  • 25 February 2022 – created a post on their Telegram titled ‘ANONYMOUS, YOUR TIME IS UP!’ in response to pro-Ukrainian hacktivist elements.
  • 28 February 2022 – the group created a ‘call to arms’ post addressing hackers in the ‘Russian Federation and the CIS countries’.
  • Also February 2022 – the group shared a link to the Telegram group of Cyber Army of Russia encouraging KILLNET followers to subscribe to the channel to see KILLNET attacks.
  • Date unknown – Announced partnership with XakNet – indicating several pro-Russian hacktivist elements have joined forces to conduct cyber warfare operations against Ukraine and its allies. Attacks have included multiple cyber attacks against pro-Ukrainian targets including a US airport and several Ukrainian government entities.
  • 20 April 2022 – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed KILLNET as one of several pro-Russia cybercrime groups which could pose a threat to critical infrastructure organizations.

CISA also included the following cybercrime groups on the list which was based on industry and open-source reporting, by US, Australian, Canadian, New Zealand, and UK cyber authorities:

  • The CoomingProject
  • The Xaknet Team

DDoS in Cyber Warfare

DDoS attacks are often lauded as a weapon of choice in cyber warfare mainly due to their capacity for crippling applications and networks. In the early part of this year as significant global events unfolded and tensions mounted between Russia and Ukraine, our own data and analysis from across the industry showed more DDoS attacks. This activity, along with sustained turbulence in the geo-political situation, has prompted worldwide caution around the heightened possibility of more cyber attacks going forward.

As a result, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its partners Joint Cyber Defense Collaborative (JCDC), issued technical guidance, including examples on its website of DDoS attacks on government and financial websites in Ukraine in March to inform business leaders and those responsible for digital security to prepare for attacks and adapt their digital security posture.

Imperva Threat Research

Imperva Research Labs observed a spike in the volume of DDoS attacks targeting sites in Ukraine in Q1, which included attacks on several financial services targets. By March 2022, DDoS attacks increased overall as the likelihood of a physical incursion escalated.

DDoS attacks consistently rank high in the ENISA threat landscape and remain one of the most critical threats to IT systems and networks with their capacity to overwhelm resources, impact performance and cause severe outages.

DDoS Mitigation Best Practices

With the increase in DDoS attacks on European targets it is critical to put robust DDoS mitigations in place. Having only a firewall will not be enough to stop the volumes of the DDoS attacks launched by KILLNET and other threat actors. To help organizations prepare for a DDoS attack and make the right DDoS Protection choices we have put together a list of DDoS Mitigation Best Practices.

Under DDoS Attack? Contact Imperva for emergency help.