Since the beginning of the Russia-Ukraine war, hacktivism has resurged, with various hacktivist groups pledging their allegiance to one nation or the other. One such group is Killnet, which has emerged as a significant threat. This pro-Russia gang has been tirelessly conducting attacks against Ukraine and NATO countries. Let us see how it works.

Diving into details

  • Killnet emerged as a tool for launching DDoS attacks and was first made available in January this year.
  • As per its ad on the Killnet Telegram channel, customers could conduct Layer 3/4 or Layer 7 DDoS attacks. Moreover, they could rent a botnet for $1,350 per month, with a capacity of 500 Gbps and 15 computers.
  • After taking down its second version in March, it reemerged as a hacktivist group.
  • The developers started performing DDoS attacks against nations that support Ukraine or oppose Russia. It now has over 100,000 subscribers on its Telegram channel.

Attack techniques

According to the Italian CSIRT, the group’s attacks are classified into three phases:
  • Phase 1 involves IP Fragmentation and DNS Amplification attacks, along with a high frequency of TCP SYN, UDP, and TCP SYN/ACK packets.
  • Phase 2 involves IP Fragmentation followed by previous attack types.
  • Phase 3 involves volumetric attacks and state exhaustion. While it lasts longer, it has a lower frequency.

Killnet’s attacks peak at 40Gbps and last for over 10 hours. Other techniques include ICMP Flood, TCP SYN Flood, NTP Flood, and LDAP Connectionless.
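The vectors listed above each leave a simple packet-level signature that a defender can count per time window. The following is an added example, not code from the Italian CSIRT or the original article: the packet-summary fields (ts, proto, sport, flags, frag), the 100 packets-per-second threshold and the sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter

# UDP source ports of the reflection vectors named above (DNS, NTP, connectionless LDAP).
REFLECTORS = {53: "dns_amplification", 123: "ntp_flood", 389: "cldap_reflection"}

def classify(pkt):
    """Map one packet summary (hypothetical dict schema) to a candidate vector, or None."""
    if pkt.get("frag"):  # checked first: non-initial fragments carry no L4 ports or flags
        return "ip_fragmentation"
    if pkt["proto"] == "icmp":
        return "icmp_flood"
    if pkt["proto"] == "udp":
        return REFLECTORS.get(pkt["sport"], "udp_flood")
    if pkt["proto"] == "tcp" and pkt["flags"] in ("S", "SA"):
        return "tcp_syn_flood" if pkt["flags"] == "S" else "tcp_synack_flood"
    return None  # established TCP traffic and anything else is not counted

def detect(packets, window=1, threshold=100):
    """Return {window_start: {vector: count}} for vectors at or above threshold pps.
    The default threshold is an assumed value; tune it against a traffic baseline."""
    buckets = {}
    for pkt in packets:
        label = classify(pkt)
        if label:
            start = int(pkt["ts"] // window) * window
            buckets.setdefault(start, Counter())[label] += 1
    alerts = {}
    for start, counts in sorted(buckets.items()):
        hits = {v: n for v, n in counts.items() if n / window >= threshold}
        if hits:
            alerts[start] = hits
    return alerts

def sample():
    """Constructed traffic: second 0 is normal, second 1 mixes three vectors plus low-rate NTP."""
    normal = [{"ts": 0.1 * i, "proto": "tcp", "flags": "A", "sport": 443} for i in range(10)]
    syn = [{"ts": 1 + i / 1000, "proto": "tcp", "flags": "S", "sport": 40000 + i} for i in range(300)]
    dns = [{"ts": 1 + i / 1000, "proto": "udp", "sport": 53} for i in range(150)]
    frags = [{"ts": 1.5, "proto": "udp", "frag": True} for _ in range(120)]
    ntp = [{"ts": 1.2, "proto": "udp", "sport": 123} for _ in range(20)]
    return normal + syn + dns + frags + ntp

if __name__ == "__main__":
    print(detect(sample()))
```

The 20 NTP packets stay below the threshold and raise no alert, which is the behaviour wanted for ordinary time-sync traffic.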

The bottom line

Killnet usually announces its attacks on its Telegram channels before conducting them, so it is imperative that organizations monitor these channels regularly. Furthermore, organizations should use anti-DDoS solutions to guard their systems against such attacks.
Cyware Publisher
