Killmilk

Threat Actor updated 23 days ago (2024-11-29T13:36:32.207Z)
Download STIX
Preview STIX
KillMilk, a threat actor and leader of the hacking group Killnet, has been identified as Nikolai Serafimov, a 30-year-old Russian citizen. KillMilk has been instrumental in consolidating Russian hacktivist groups under Killnet's leadership, amassing a following of 8,000 members on his personal Telegram channel. Notably, he exposed the identity of Raty, the head of Anonymous Russia, leading to their apprehension by Belarusian authorities. Furthermore, KillMilk announced the inclusion of Anonymous Sudan into the Killnet cluster after they attacked Sweden and Denmark for an incident involving the burning of the Quran. In recent activities, KillMilk claimed responsibility for a DDoS attack on Telegram Messenger and was reported to have plans to target hospital organizations with denial of service attacks. He also played a role in the cyberattack on Ukraine’s largest mobile operator Kyivstar, described as “the biggest cyberattack on telco infrastructure in the world.” The Black Skills PMHC project is another initiative led by KillMilk, aiming to create a new structure of hacktivism across the Russian community and transition from altruistic attacks to paid orders from private and public entities. However, KillMilk recently announced his retirement, appointing "Deanon Club" as his successor. Deanon Club has expressed intentions for large-scale recruitment for the KillNet team, with a focus on targeting government financial facilities, encryption firms, and the gambling sector. Despite his retirement, KillMilk's influence remains significant, with his successor stating, “Killmilk and I have been friends for a long time, and this is the person who brought me to the masses.”
Description last updated: 2024-05-04T17:56:51.710Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
KillNet is a possible alias for Killmilk. Killnet is a threat actor or group with potential ties to the Russian government, known for its disruptive cyber-attacks. This group has been linked to several politically motivated attacks, including a significant assault on the Israeli government's website leading to its paralysis. Killnet has als
6
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Ddos
Russia
Flashpoint
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Anonymous Russia Threat Actor is associated with Killmilk. Anonymous Russia, a malicious software (malware), has been associated with significant cyber-attacks, accounting for more than 30% of such incidents. This malware is affiliated with other hacktivist groups including Killnet, MIRAI, Venom, and has been involved in promoting Passion. Anonymous Russia,Unspecified
3
The Black Skills Threat Actor is associated with Killmilk. Black Skills is a newly established Private Military Hacking Company (PMHC), announced by Killmilk, the leader of the Russian hacktivist collective Killnet, on March 13, 2023. The initiative, launched via Telegram, appears to be an effort by Killnet to establish itself as a corporate entity and furtUnspecified
3
Source Document References
Information about the Killmilk Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
Flashpoint
2 years ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
2 years ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securelist
a year ago
CERT-EU
2 years ago
DARKReading
2 years ago
Flashpoint
2 years ago