Russian hacking group Killnet has claimed responsibility for disrupting communications between NATO and other organisations providing earthquake relief in Turkey and Syria.
The devastating earthquake has claimed at least 28,000 lives and efforts continue to pull victims from the rubble. Countries and NGOs worldwide dispatched resources to provide humanitarian aid, including aircraft with transport and airlift capabilities.
Strategic Airlift Capability (SAC) is a multi-national organisation which relies on NATO for conducting airlifts. The organisation is currently transporting search-and-rescue gear to help the disaster zone and was among those impacted by Killnet’s cyberattack.
Here’s a message posted by Killnet leader KillMilk in a Telegram channel:
All major Russia-affiliated groups joined the effort shortly after:
Killnet and other hacking groups disrupted communications between NATO aircraft and others providing humanitarian aid in the disaster zone.
Muhammad Yahya Patel, Security Engineer at Check Point Software, commented:
“Again Killnet is causing disruption through DDoS attacks as opposed to a full offensive attack to garner publicity.
By targeting NATO and Strategic Airlift Capability, they were clearly trying to disrupt the humanitarian efforts in place to support the Turkey and Syria crisis response. This has been their MO for some time, and I am sure we haven’t seen the last of these attempts.
It would be wise for all businesses but, in particular, those with public-facing services, to strengthen their defences to ensure they remain operational.”
One of SAC’s C-17 aircraft was warned of the disruption in a message sent via the ACARS (Aircraft Communications Addressing and Reporting System) network. In the message, the aircraft’s personnel were told that NATO’s NR network had been hit with a DDoS.
“NATO cyber experts are actively addressing an incident affecting some NATO websites. NATO deals with cyber incidents on a regular basis, and takes cyber security very seriously,” said a NATO official.
NATO’s website also went offline. However, it was down for just a couple of hours before it was restored.
Jake Moore, Global Cybersecurity Advisor at ESET, said:
“Killnet is attempting to make some noise online, building its profile and endeavouring to disrupt organisations where possible, especially those in support of Ukraine. Now we are seeing them hone in on dedicating attacks on NATO, but – when specialising in DDoS attacks – the attacks are usually easier to defend against.
Denial-of-service attacks are often not seen in the same light as a cyberattack where data is stolen due to the disruption induced. Although access denial to a website can be frustrating, this can be mitigated with simpler efforts such as reducing the attack surface area and deploying firewalls for sophisticated application attacks.
When data is not stolen, the threat is immediately reduced, but this is not to suggest that the attacks will not have an impact on the use of the website.
DDoS attacks can also be the gateway to more serious cyberattacks also so it would be vital for NATO to step up security nevertheless.”
NATO has previously warned that cyberattacks could trigger a collective response. However, it’s ambiguous what would constitute such a response and what it would look like.
DDoS attacks that don’t directly put lives at risk will likely trigger a similar cyber response. Attacks targeting hospitals, transport networks, energy, certain military sites, and other such infrastructure that could directly cause loss of life or irreparable damage are more likely to cross a red line that escalates beyond a cyber response.
“If you take an example of the Russians accidentally, or on purpose, knocking out public services or power for a NATO-aligned country … if you consider the fact that cyber warfare can have detrimental effects – quite real tangible effects – then there’s no reason why it couldn’t escalate into a military response,” explained Andrew Egoroff, Senior Cybersecurity Specialist at ProcessUnity, in an interview.
Many clashes are also happening between hacker groups. Killnet, for example, is known to have clashed with the Western-backing collective Anonymous.
Then there’s the in-fighting within hacking collectives. A member of the Conti ransomware group, believed to be Ukrainian, leaked Conti’s internal chats after a leader posted a pro-Russian message after the country invaded Ukraine.
“The Conti Team is official announcing a full support of Russian government,” the group leader wrote in the message that angered Ukrainian members.
“If any body will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy.”
Around 288,000 cyberattacks were estimated to have been launched against Ukraine in the first 10 months of 2021 alone.
Citizens and businesses of countries that have supplied Ukraine with equipment and/or sanctioned Russia for launching its war of aggression have been encouraged to take “pre-emptive measures” to defend themselves against cyberattacks.
(Image Credit: UK-ISAR Team under CC BY 2.0 license)
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.