Nearly a thousand cyberattacks were launched against Western institutions and companies between October and March, says a NATO-linked cybersecurity firm. The high-profile Russian partisan group Killnet has been implicated in many of the campaigns.
The VisionWare Threat Intelligence Center (VTIC) says it detected 961 cyberattacks, thought to primarily rely on the distributed denial of service (DDoS) technique, committed by “pro-Russian hackers” on Western countries in just half a year, in a report shared with local media in Portugal where it is based.
DDoS attacks occur when a threat actor remotely hijacks multiple machines and marshals them in a kind of ‘zombie army’ of computers aimed at flooding a target system with digital requests that cause it to shut down temporarily.
Defacement of websites is another favored tactic of Russian partisan hackers, as is the spread of disinformation online and other forms of internet sabotage, added VTIC.
As well as Killnet, another pro-Russian entity, known as the NoName057 (16) gang, was highlighted, though VTIC head and founder Bruno Castro said he could not prove that such hacktivism is sponsored by the state, rendering it “unclear” whether the Kremlin was directly responsible.
“There is no material that allows us to conclude that the groups are affiliated with the Kremlin, or [Russian intelligence bodies] the GRU and FSB. However, there is a very well-coordinated offensive strategy, in accordance with the interests of the Russian government,” said Castro.
What VTIC refers to as “the decentralized and often anonymous nature” of cyberwarfare makes it difficult to attribute responsibility for digital attacks carried out by partisans.
Who was targeted most?
VTIC analyzed 8,347 messages on communications app Telegram, finding 6,805 referring to Killnet and 1,542 referring to NoName.
The attacks focused primarily on state departments, banks, and military or defense bodies, with 371 mounted on those sectors in total. January saw the most intense concentration of cyberattacks, with 333 launched in that month alone.
The US and the Baltic countries bore the brunt of the attacks, with 41% of Killnet’s salvos aimed at the North American superstate and more than a third of NoName’s assaults focusing on Lithuania, Latvia, and Estonia. Poland was heavily targeted too, while NATO and the EU were singled out in 17 of the attacks.
“This study, based on detailed analysis of the daily phenomena we monitor from these groups, suggests that the targets will extend beyond Ukraine,” said Castro, referencing Killnet’s DDoS campaign against major US aiports last year.
He added: “All these DDoS attacks cause reputational and/or financial damage, many of them higher than we calculated. The report we presented sheds light on the development of capabilities, resources and disruptive power of these groups to attack states and contribute to the destabilization of societies.”
More from Cybernews:
Subscribe to our newsletter