Pro-Russian DDoS attacks raise alarm in Denmark, U.S.

Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups are causing alarm in the U.S. and Denmark after several incidents affected websites of hospitals and government offices in both countries. 

On Tuesday, Denmark announced that it was raising its cyber risk alert level after weeks of attacks on banks and the country’s defense ministry

“We are again raising the threat level for cyber risk against Denmark, among other things on the basis of pro-Russian activist hacker groups' high level of activity against NATO countries, including Denmark, as well as their increased capacity,'' Denmark's Centre for Cyber Security said on Twitter.

The center said the DDoS incidents — which involve routing a deluge of page requests at target websites — are increasing in power and severity while also growing in overall numbers. 

Following the announcement, the website for the country’s Centre for Cyber Security was knocked offline, and an alert explaining the decision was also unavailable. 

Since Russia began its invasion of Ukraine 11 months ago, hacking groups like Killnet and NoName057 have targeted an array of government institutions, businesses and organizations across Europe and the United States. 

On Monday, Killnet directed DDoS traffic against the websites of dozens of U.S. hospitals, forcing the the U.S. Department of Health and Human Services to publish an alert warning healthcare institutions about the group’s tactics. 

“It is likely that pro-Russian ransomware groups or operators, such as those from the defunct Conti group, will heed Killnet’s call and provide support. This likely will result in entities Killnet targeted also being hit with ransomware or DDoS attacks as a means of extortion, a tactic several ransomware groups have used,” HHS warned. 

Swimlane’s Daniel Selig noted that the DDoS incidents took place days after U.S. President Joe Biden announced that the U.S. would be sending 31 Abrams tanks to Ukrainian forces. 

Selig added that last week, several financial organizations, airports and government offices in Germany were targeted in a similar way after their announcement of additional military support for Ukraine. 

“It goes without saying that cyberattacks on hospitals and medical centers are some of the most dangerous — these attacks have the ability to knock systems offline in their entirety and keep patients from receiving the care that they require,” he said.

While DDoS attacks typically do not cause major or lasting damage, they can cause service outages that span several hours or even days.

Akamai published a report on Tuesday that found DDoS incidents in Europe increased 73% in 2022, with more campaigns now involving extortion tactics. They warned that DDoS attacks are now increasingly being used as cover for actual intrusions involving ransomware and data theft. 

Aleksandr Yampolskiy, CEO of SecurityScorecard, noted that groups like Killnet run popular channels on the Telegram app where they recruit new members and teach other hackers DDoS skills. Killnet’s channel has more than 92,000 subscribers.

Groups like Killnet are able to muster so much DDoS traffic in part because they exploit vulnerable devices online. Yampolskiy said Killnet typically target routers from MikroTek that are either misconfigured or vulnerable, and the group also takes advantage of the proliferation of IoT devices across the world. Everything from internet-connected baby cameras to smart refrigerators can be a potential target.

In December, the Justice Department announced the seizure of 48 domains used by the leading DDoS-for-hire services — websites that allow users to pay hackers to flood targets with page requests. But HHS said it is unclear if “this law enforcement action might impact Killnet which turned its DDoS-for-hire service into a hacktivist operation earlier this year.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.