KillNet

Threat Actor Profile Updated 8 days ago
Killnet is a threat actor group, potentially aligned with the Russian government, that has been involved in various malicious cyber activities. The group is suspected to be part of a broader network of nationalistic Russian "hacktivist" groups and ransomware operators, possibly encouraged by the Russian government, especially after Russia was banned from participating in the 2022 FIFA World Cup due to its war against Ukraine and strained relations with Qatar.

Killnet has been linked to several high-profile attacks, including the paralysis of the Israeli government website and a significant DDoS attack on the UK's Royal Family official website in October 2023. It has also joined forces with other pro-Russian hacker groups like UserSec to target NATO. In addition to these targeted attacks, Killnet has been recognized for its role in the surge of application attacks, which rose by 79% YoY in 2023 and constituted 25% of all DDoS attacks. Despite this rise, not all claims Killnet makes about its attacks are accurate: the group often exaggerates or fabricates them for notoriety or ego-boosting purposes. Nonetheless, the group's activities underscore hackers' adaptability in the face of advanced cybersecurity tools.

The group's influence extends beyond direct attacks, as seen in its collaboration with other pro-Russian entities such as the REvil ransomware group. Moreover, Killnet has launched multiple DDoS attacks against governments supporting Ukraine, including Moldova, Italy, Romania, the Czech Republic, Lithuania, Norway, and Latvia. On social media platforms like Telegram, Killnet and similar groups have amassed thousands of followers, who can be mobilized to conduct DDoS attacks. Furthermore, the Infinity forum seems to serve as a fundraising and recruitment platform for Killnet and its allies, bridging the gap between beginner hacktivists and financially motivated cybercriminals.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Killmilk | 5 | KillMilk, a threat actor and leader of the hacking group Killnet, has been identified as Nikolai Serafimov, a 30-year-old Russian citizen. KillMilk has been instrumental in consolidating Russian hacktivist groups under Killnet's leadership, amassing a following of 8,000 members on his personal Teleg |
| Black Skills | 3 | Black Skills is a newly established Private Military Hacking Company (PMHC), announced by Killmilk, the leader of the Russian hacktivist collective Killnet, on March 13, 2023. The initiative, launched via Telegram, appears to be an effort by Killnet to establish itself as a corporate entity and furt |
| XakNet | 3 | XakNet is a notable threat actor, potentially aligned with Russian interests, that has been implicated in various cyber attacks. This group emerged prominently during Russia's conflict with Ukraine and the subsequent ban on Russia from the 2022 FIFA World Cup. The Russian government was suspected of |
| Black Listing | 3 | Black Listing, a threat actor group also known as Killnet, emerged in the cybersecurity landscape with malicious intent. This group has been particularly active since late 2022 and early 2023, when they partnered with Deanon Club to conduct Distributed Denial of Service (DDoS) attacks against severa |
| Cyber Army of Russia | 2 | The "Cyber Army of Russia" is a collective of pro-Russia hacktivist groups, including Turla, XakNet, KillNet, NoName057(16), and Anonymous Russia. These groups utilize malware to exploit and damage systems, often infecting them via suspicious downloads, emails, or websites. Once inside a system, the |
| Infinity Forum | 2 | Infinity Forum is a threat actor group associated with Killnet and its allies. Established as a project to raise funds for these groups, it serves a dual purpose: expanding their capabilities and numbers while also facilitating the interaction between novice hacktivists and financially driven cyberc |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ddos
Russia
Telegram
Ransomware
Denial of Se...
denial-of-se...
Sudan
Ukraine
russian
Cybercrime
Proxy
Botnet
Healthcare
Israel
Azure
Nato
Extortion
Health
State Sponso...
Mandiant
European
Germany
Malware
Exploit
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Conti | Unspecified | 3 | Conti is a malware program known for its disruptive capabilities, including stealing personal information and holding data hostage for ransom. It gained notoriety as part of the arsenal of ITG23, a cybercrime group that used it in conjunction with other malicious software like Trickbot, BazarLoader, |
| REvil | Unspecified | 3 | REvil, a Russia-based group, was a prominent player in the Ransomware as a Service (RaaS) model that gained traction through 2020. The group was notorious for its high-profile attacks on critical infrastructure entities in the US between 2019 and 2021. REvil's modus operandi involved hacking into vi |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Anonymous Sudan | is related to | 6 | Anonymous Sudan, a threat actor group, has been identified as the malicious entity behind several notable Distributed Denial of Service (DDoS) attacks. A threat actor can be an individual, a private company, or part of a government entity that executes actions with malicious intent. Anonymous Sudan' |
| Anonymous Russia | Unspecified | 3 | Anonymous Russia, a malicious software (malware), has been associated with significant cyber-attacks, accounting for more than 30% of such incidents. This malware is affiliated with other hacktivist groups including Killnet, MIRAI, Venom, and has been involved in promoting Passion. Anonymous Russia, |
| Siegedsec | Unspecified | 2 | SiegedSec, a threat actor group known for their hacktivist activities, has been escalating its international cyber attacks throughout 2023. This group, which could consist of a single person, a private company, or part of a government entity, is responsible for executing actions with malicious inten |
| NoName057 | Unspecified | 2 | NoName057 is a threat actor group known for its pro-Russian stance and execution of cyber-attacks with political motivations. In August 2023, the group made headlines when it launched Distributed Denial of Service (DDoS) attacks against multiple Czech banks and the Czech stock exchange. These attack |
| Deanon Club | Unspecified | 2 | Deanon Club, a threat actor group, emerged as a significant entity in the cybersecurity landscape through its collaborations with Killnet, another threat actor group. The two groups have been involved in multiple malicious activities, including distributed denial-of-service (DDoS) attacks on several |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
No associations to display
Source Document References
Information about the KillNet Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| Flashpoint | a year ago | Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective |
| DARKReading | a year ago | Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows |
| DARKReading | a year ago | Pro-Islam Hacktivists Likely a Front for Russia's Killnet |
| Flashpoint | a year ago | Killnet Ostracizes Leader of Anonymous Russia, Adding New Chapter to Pro-Kremlin Hacktivist Drama |
| Flashpoint | a year ago | Following the Money: Killnet’s ‘Infinity Forum’ Wooing Likeminded Cybercriminals |
| Flashpoint | a year ago | For Money and Attention: Killnet Apparently Reorganizes Again |
| CERT-EU | a year ago | Killnet DDoS attacks against healthcare dip as identity risks tick up |
| Securityaffairs | a year ago | Pro-Russia hacker group Killnet targets NATO websites with DDoS |
| Securityaffairs | a year ago | Experts published a list of proxy IPs used by the group Killnet |
| CERT-EU | 10 months ago | Killnet Tries Building Russian Hacktivist Clout With Media Stunts |
| CERT-EU | a year ago | Final Act? Killnet Rallies Attackers to DDoS NATO Targets |
| CERT-EU | 10 months ago | Killnet as a private military hacking company? For now, it's probably just a dream |
| DARKReading | 10 months ago | KillNet's Kremlin Connection Unclear as the Cybercrime Collective Grows |
| CERT-EU | a year ago | Meet Killnet, Russia’s hacking patriots plaguing Europe – POLITICO \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker – National Cyber Security Consulting |
| CERT-EU | 7 months ago | Israeli-Palestinian Conflict: Multifaceted Alliances and Fierce Cyberspace Battle |
| Flashpoint | a year ago | ‘Black Skills’ Is Killnet’s Attempt to Form a ‘Private Military Hacking Company’ |
| Malwarebytes | a year ago | KillNet hits healthcare sector with DDoS attacks |
| Securityaffairs | a year ago | Pro-Russia hackers DDoSed the EUROCONTROL agency |
| Securityaffairs | a year ago | Pro-Russia Killnet group hit Dutch and European hospitals |
| CERT-EU | a year ago | ‘Black Skills' Is Killnet's Attempt to Form a ‘Private Military Hacking Company' – Global Security Mag Online |