XakNet

Threat Actor updated 7 months ago (2024-05-04T18:17:27.068Z)

Download STIX

Preview STIX

XakNet is a notable threat actor, potentially aligned with Russian interests, that has been implicated in various cyber attacks. This group emerged prominently during Russia's conflict with Ukraine and the subsequent ban on Russia from the 2022 FIFA World Cup. The Russian government was suspected of encouraging or tacitly approving disruptive attacks by nationalistic Russian "hacktivist" groups like XakNet. These groups served as useful proxy forces to further Russia's strategic objectives while providing plausible deniability. In 2023, XakNet was identified as one of the most active Russian Advanced Persistent Threats (APTs), indicating its significant cyber capabilities. This group, along with others such as KillNet and Cyber Army of Russia, have been linked to information operations against Western organizations and entities. Their activities are likely aimed at stoking fear or decreasing support for Ukraine. Notably, XakNet launched a distributed denial-of-service (DDoS) attack on the Israeli parliament's website in retaliation for Israel providing intelligence information on Iranian drones to Ukraine. These actions demonstrate XakNet's willingness to target high-profile entities and its capability to execute complex cyber attacks. The increasing activity of pro-Russian hacktivist groups like XakNet is a response to the sanctions imposed on Russia and other support provided by the U.S. and its allies to Ukraine. Most of their activities consist of Distributed Denial-of-Service (DDoS) attacks. Researchers have suggested that these groups, including XakNet, act as fronts to share information obtained illegally by state-backed groups, further highlighting their potential ties to Russian security services. Given their demonstrated capabilities and aggressive tactics, XakNet and similar groups represent a significant cyber threat.

Description last updated: 2024-05-04T17:41:55.722Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Cyber Army of Russia is a possible alias for XakNet. The Cyber Army of Russia, a threat actor believed to be linked to the notorious Sandworm group, has been active in carrying out malicious cyber activities since 2022. The group, also known as the Cyber Army of Russia Reborn (CARR), has been particularly involved in a series of low-impact distributed	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Russia

Ddos

Ukraine

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The KillNet Threat Actor is associated with XakNet. Killnet is a threat actor or group with potential ties to the Russian government, known for its disruptive cyber-attacks. This group has been linked to several politically motivated attacks, including a significant assault on the Israeli government's website leading to its paralysis. Killnet has als	is related to	3

Source Document References

Information about the XakNet Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Ukraine's IT army is a world first: Here's why it is an important part of the war
CERT-EU	a year ago	At least 23 Russian hacker groups targeted Ukraine in 2023, Ukraine’s cyber defense says
Recorded Future	2 years ago	Dark Covenant 2.0: Cybercrime, the Russian State, and War in Ukraine \| Recored Future
CERT-EU	a year ago	Israeli hospital redirects new patients following ransomware attack
CERT-EU	a year ago	Killnet Tries Building Russian Hacktivist Clout With Media Stunts
CERT-EU	a year ago	Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine
Flashpoint	2 years ago	For Money and Attention: Killnet Apparently Reorganizes Again
CERT-EU	2 years ago	War in Ukraine triggering increased threat of Russian cyberattacks
BankInfoSecurity	2 years ago	Ukraine Tracks Increased Russian Focus on Cyberespionage
Recorded Future	2 years ago	Fielding Threats: Cyber, Influence, and Physical Threats to the 2022 FIFA World Cup in Qatar \| Recorded Future
Flashpoint	2 years ago	Following the Money: Killnet’s ‘Infinity Forum’ Wooing Likeminded Cybercriminals
Recorded Future	2 years ago	Fielding Threats: Cyber, Influence, and Physical Threats to the 2022 FIFA World Cup in Qatar \| Recorded Future
CERT-EU	2 years ago	Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists