Geopolitical Monitoring Report | January 20, 2023
Cyberattack on Germany Demonstrates the Sustained Risk Posed by Russian Hackers as the Conflict in Ukraine Grinds On
The Kremlin-aligned hacktivist collective Killnet launched a series of DDoS attacks on German government, bank, and airport websites. The attacks began on January 25, shortly after German Prime Minister Olaf Scholz announced the country would provide Leopard II tanks to Ukraine.
The hacktivist organization also claims that they have hacked the US Federal Bureau of Investigation and acquired information on “thousands” of agents. This second claim has not been verified.
Killnet previously launched several attacks on Lithuania following its decision to block goods from transiting to the Russian enclave of Kaliningrad from Russia proper. Despite the group’s clear alignment with Russian policy, the Kremlin has naturally denied any connection to the group’s activities.
The group’s activities have led to warnings that future attacks by Killnet targeting countries that are supporting Ukraine are possible as Russia continues its war in Ukraine.
Germany’s Federal Office for Information Security stated that the attacks had little tangible impact and that there were “no indications of direct effects on the respective service” if “the usual protective measures are taken.” This means that this attack on German websites was likely conducted in retaliation for Berlin’s decision to send, and allow the re-export of, German-made Leopard II tanks.
These types of attacks will almost certainly occur again if additional shipments of military aid are approved and announced, especially the Western fighter jets Ukraine is currently requesting. Future attacks by Killnet could escalate and could begin to target more individuals – similar to the hacking of information on US FBI agents that the group conducted – as Western governments continue their support of Ukraine.
In addition, further Russian setbacks on the battlefield – should those occur – would almost certainly result in additional targeting of Western companies and organizations by groups such as Killnet.
Companies and organizations – especially those that operate critical infrastructure, such as transportation and banking – in countries that are providing military aid to Ukraine should maintain a heightened state of cyber vigilance and bolster their cyber intelligence capabilities for the duration of the conflict.
They should first conduct threat landscape assessments to identify any previous corporate data leaks and leaked assets that threat actors could use to target them. In addition, identifying discussions and threat chatter in dark web forums could help these organizations prepare for and mitigate potential attacks before they are launched.
Finally, investing in external, third-party attack surface monitoring and analysis will help potential victims prevent attacks and enhance their response in the event they are targeted.
Nisos is The Managed Intelligence Company®. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset, delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.