Killnet Aggressively Targets Healthcare Organizations

The Russia-based Killnet group has been observed increasingly launching DDoS attacks against healthcare organizations hosted in Azure since November 2022. While most of these attacks led only to the temporary suspension of websites, they have become a matter of concern for U.S. law enforcement agencies.

In January 2023, HHS published an analyst note about Killnet's activity, mentioning that the group was behind the attack on a healthcare organization that supports members of the U.S. military.

The hacker group was established following the Russia-Ukraine war in February 2022 and spent most of the last year launching DDoS attacks against governments and organizations across the globe.

A glance at Killnet’s latest activity

Researchers at Microsoft observed that the group had launched several DDoS attacks against healthcare organizations between November 2022 and February 2023. 
  • The highest number of these attacks was launched in February, targeting hospitals, pharma, life science, healthcare insurance, and health services in more than 25 states.
  • While a majority of these attacks were below two million packets per second, the highest was recorded at five million packets per second.

Attack tactics

Killnet typically tried two different tactics to launch attacks. 
  • One of them involved creating many connections and keeping them alive for as long as possible to render a website useless. 
  • The other tactic was to establish as many new connections as possible over a short period of time to drain resources. 
  • Other tactics leveraged by the group included the use of DDoS scripts and stressors, botnets, and spoofed attack sources.
  • Attack vectors included TCP, SYN, TCP ACK, and packet anomalies.
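
The following added example, which is not from the original article or the researchers it cites, flags the two connection tactics described above in connection records such as a load balancer might export. The record layout, the thresholds and the function name are assumptions for illustration.

```python
from collections import Counter

# Hypothetical thresholds for illustration; derive real ones from the site's baseline.
HOLD_SECONDS = 300        # an open connection this old counts as "held"
MAX_HELD = 50             # held connections tolerated server-wide
RATE_WINDOW = 10          # bucket size in seconds for counting new connections
MAX_NEW_PER_WINDOW = 200  # new connections tolerated per bucket


def classify(conns, now):
    """conns: list of (src_ip, opened_at, closed_at or None), times in seconds.

    Counts are server-wide rather than per source, because botnet or spoofed
    traffic spreads one attack over many addresses.
    Returns (set of tactic labels, Counter of held connections per source).
    """
    tactics = set()

    # Tactic 1: many connections kept alive for as long as possible.
    held = Counter(src for src, opened, closed in conns
                   if closed is None and now - opened >= HOLD_SECONDS)
    if sum(held.values()) > MAX_HELD:
        tactics.add("connection-hold")

    # Tactic 2: as many new connections as possible over a short period.
    per_window = Counter(int(opened // RATE_WINDOW) for _, opened, _ in conns)
    if per_window and max(per_window.values()) > MAX_NEW_PER_WINDOW:
        tactics.add("connection-rate")

    return tactics, held


# Constructed sample records (documentation address ranges), not real traffic.
BASELINE = [("192.0.2.10", t * 30, t * 30 + 2) for t in range(20)]
HOLD_SAMPLE = BASELINE + [(f"198.51.100.{i % 3}", 0, None) for i in range(60)]
RATE_SAMPLE = BASELINE + [(f"203.0.113.{i % 250}", 100 + i % 5, 101 + i % 5)
                          for i in range(500)]

if __name__ == "__main__":
    for name, sample in [("baseline", BASELINE), ("hold", HOLD_SAMPLE),
                         ("rate", RATE_SAMPLE)]:
        tactics, held = classify(sample, now=600)
        print(name, sorted(tactics), held.most_common(2))
```

The per-source counter returned alongside the labels shows whether held connections concentrate on a few addresses or are spread thinly across many.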

Conclusion

According to researchers, the Killnet healthcare DDoS campaign indicates that the operators are reaching out to other hacking groups that are either using multiple botnets or different attack methods. Meanwhile, CISA has prioritized the issue as it seeks to protect critical infrastructure in healthcare organizations. Additionally, organizations can refer to the measures recommended by CISA and the FBI to respond promptly to DDoS attacks.
Cyware Publisher
