#GermanyRIP. Kremlin-loyal hacktivists wage DDoSes to retaliate for tank aid

A iteration of what happens when a site is shut down by a DDoS attack.
Expanding / A iteration of what happens when a site is shut down by a DDoS attack.

Attackers loyal to the Kremlin are stepping up their attacks to aid in their invasion of Ukraine, with denial-of-service attacks hitting German banks and other organizations and unleashing a new devastating data wiper in Ukraine. increase.

Germany’s BSI agency, which monitors cybersecurity in Germany, said the attack caused a minor outage but ultimately caused little damage.

“Some websites are currently inaccessible,” BSI said in a statement to the news agency. “There are currently no indications of a direct impact on their respective services and, according to BSI’s assessment, these are unexpected when normal protective measures are in place.”

The distributed denial of service attack, commonly referred to as DDoS, appears to have been carried out in retaliation for the German government’s allowing the supply of advanced Leopard 2 tanks to Ukraine. Researchers at security firm Cado Labs said Wednesday that Russian-language hacktivist groups, including one calling themselves Killnet, have called on their members to launch DDoS attacks against targets in Germany. The campaign, which began on Tuesday when the Leopard 2 tank decision seemed imminent, used the hashtag #ГерманияRIP, which translates to “#GermanyRIP.”

Messages quickly followed from other Russian-speaking groups claiming attacks against websites of major German airports, including Hamburg, Dortmund, Dresden and Düsseldorf. German development agency GIZ; German National Police site. Deutsche Bank; online payment system Giropay; It’s unclear if either attack was successful in shutting down the site.

Meanwhile, another group calling themselves “Anonymous Sudan” also supported Killnet, claiming responsibility for DDoS attacks against the websites of Germany’s foreign intelligence services and the German Cabinet.

“Cyber ​​attackers have been able to respond quickly to geopolitical events, as seen in the Russian-Ukrainian war, successfully uniting and mobilizing like-minded groups,” said Cado Labs. the researcher writes. “The involvement of a group claiming to be the Sudanese version of Anonymous is noteworthy as it demonstrates the Russian-language hacktivist group’s ability to undertake this mobilization and cooperation at the international level.”

Kilnets emerged shortly after Russia’s invasion of Ukraine. In June of last year, the Lithuanian government announced that it had implemented a number of security measures on the country’s critical infrastructure, including part of the Secure National Data Transfer Network, which will help implement Lithuania’s strategy to ensure national security in cyberspace. It took credit for a “violent” DDoS attack. Discussions on the Killnet Telegram channel at the time indicated that the attack was in retaliation for the Baltic governments’ closure of shipping routes to Russia earlier that month.

In September, security firm Mandiant said it found evidence that Killnet had indirect ties to the Kremlin. Specifically, Mandiant researchers found that Killnet coordinated some of its activities with his group called Xaknet, and that Xaknet coordinated some activities with threat actors in Russia’s Principal Intelligence Agency (GRU). said.

In related news, on Friday researchers at security firm Eset report Another Kremlin-backed threat actor known as The Sandworm has unleashed an unprecedented data wiper against Ukrainian targets.The destructive malware, called SwiftSlicer, is written in the Go programming language. , overwrite the data with randomly generated blocks of 4096 bytes.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *