Killnet targets Eastern Bloc government sites, but fails to keep them offline
Image: Martin Sanchez
Alexander Martin November 7, 2022

Killnet targets Eastern Bloc government sites, but fails to keep them offline

Killnet targets Eastern Bloc government sites, but fails to keep them offline

Websites belonging to several state intelligence agencies across the former Eastern Bloc are online and functioning despite attempted distributed denial-of-service (DDoS) attacks from a pro-Kremlin group over the weekend.

The hacking group Killnet, which for months has targeted government agencies and companies that criticize Russia or support Ukraine, listed the sites for the intelligence services of Estonia, Poland, Romania, Bulgaria, and Moldova on its Telegram channel, suggesting it had successfully targeted them.

However, any outages if they occurred appear to have been extremely brief and the sites are now all functioning normally.

Bulgaria’s interior minister, Ivan Demerdzhiev, dismissed the significance of the attack, saying it was an “image attack aimed at creating certain moods and certain results in public attitudes” and reminded people that the website for the NATO and European Union member’s intelligence agency was not connected to its operational IT services.

Bulgaria’s prosecutor-general, Ivan Geshev, previously said Killnet was behind a “large-scale” attack on Bulgarian government websites in October. Killnet claimed the attack was a punishment “for betrayal to Russia and the supply of weapons to Ukraine.” 

The group, which has not displayed any sophisticated capabilities since emerging in February, primarily aims to target websites and organizations that will garner media attention.

Cybersecurity experts have told The Record that the media coverage around these attacks is often disproportionate considering they cause no lasting damage and do not allow the attacker access to sensitive information.

In an industry notice published on Friday, the FBI said it was “aware of Pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success.”

“These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. As a result, the psychological impact of DDoS attacks is often greater than the disruption of service,” the notice added.

Alexander Martin is the UK Editor for The Record. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.