Killmilk

Threat Actor updated 5 months ago (2024-05-04T18:19:23.869Z)

Download STIX

Preview STIX

KillMilk, a threat actor and leader of the hacking group Killnet, has been identified as Nikolai Serafimov, a 30-year-old Russian citizen. KillMilk has been instrumental in consolidating Russian hacktivist groups under Killnet's leadership, amassing a following of 8,000 members on his personal Telegram channel. Notably, he exposed the identity of Raty, the head of Anonymous Russia, leading to their apprehension by Belarusian authorities. Furthermore, KillMilk announced the inclusion of Anonymous Sudan into the Killnet cluster after they attacked Sweden and Denmark for an incident involving the burning of the Quran. In recent activities, KillMilk claimed responsibility for a DDoS attack on Telegram Messenger and was reported to have plans to target hospital organizations with denial of service attacks. He also played a role in the cyberattack on Ukraine’s largest mobile operator Kyivstar, described as “the biggest cyberattack on telco infrastructure in the world.” The Black Skills PMHC project is another initiative led by KillMilk, aiming to create a new structure of hacktivism across the Russian community and transition from altruistic attacks to paid orders from private and public entities. However, KillMilk recently announced his retirement, appointing "Deanon Club" as his successor. Deanon Club has expressed intentions for large-scale recruitment for the KillNet team, with a focus on targeting government financial facilities, encryption firms, and the gambling sector. Despite his retirement, KillMilk's influence remains significant, with his successor stating, “Killmilk and I have been friends for a long time, and this is the person who brought me to the masses.”

Description last updated: 2024-05-04T17:56:51.710Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
KillNet is a possible alias for Killmilk. Killnet is a pro-Russian threat actor group that has gained notoriety for its disruptive cyber-attacks on various government entities. The group's activities peaked in July 2022 when it targeted multiple government resources in Poland, including the Ministry of Foreign Affairs, Senate, Border Contro	6

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ddos

Russia

Flashpoint

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Anonymous Russia Threat Actor is associated with Killmilk. Anonymous Russia, a malicious software (malware), has been associated with significant cyber-attacks, accounting for more than 30% of such incidents. This malware is affiliated with other hacktivist groups including Killnet, MIRAI, Venom, and has been involved in promoting Passion. Anonymous Russia,	Unspecified	3
The Black Skills Threat Actor is associated with Killmilk. Black Skills is a newly established Private Military Hacking Company (PMHC), announced by Killmilk, the leader of the Russian hacktivist collective Killnet, on March 13, 2023. The initiative, launched via Telegram, appears to be an effort by Killnet to establish itself as a corporate entity and furt	Unspecified	3

Source Document References

Information about the Killmilk Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	UK Royal Family Website Hit by DDoS Attack from KillNet
CERT-EU	a year ago	Killnet Tries Building Russian Hacktivist Clout With Media Stunts
BankInfoSecurity	a year ago	Cyber Info-Sharing Guide for Healthcare Sector Updated
CERT-EU	10 months ago	New support mechanism launched to strengthen Ukraine’s cyber defenses
CERT-EU	10 months ago	Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator
CERT-EU	10 months ago	Leader of Russian hacktivist group Killnet ‘retires,' appoints new head
BankInfoSecurity	a year ago	KillNet DDoS Attacks Further Moscow's Psychological Agenda
Flashpoint	2 years ago	Following the Money: Killnet’s ‘Infinity Forum’ Wooing Likeminded Cybercriminals
CERT-EU	a year ago	Royal family website ‘targeted in Russian cyberattack’
CERT-EU	a year ago	Rules of engagement issued to hacktivists after chaos
CERT-EU	a year ago	Russian Hacktivism Takes a Toll on Organizations in Ukraine, EU, US
CERT-EU	a year ago	‘Black Skills' Is Killnet's Attempt to Form a ‘Private Military Hacking Company' – Global Security Mag Online
DARKReading	a year ago	KillNet Claims DDoS Attack Against Royal Family Website
CERT-EU	a year ago	Cyber Attack on Louisiana Vehicle Owners data and Royal Family Website crash by Russia - Cybersecurity Insiders
CERT-EU	a year ago	Hacktivist or just hacker: Compromising morals for money
CERT-EU	a year ago	APT trends report Q2 2023 – GIXtools
Securelist	a year ago	APT trends report Q2 2023
CERT-EU	a year ago	War in Ukraine triggering increased threat of Russian cyberattacks
DARKReading	2 years ago	Pro-Islam Hacktivists Likely a Front for Russia's Killnet
Flashpoint	a year ago	For Money and Attention: Killnet Apparently Reorganizes Again