Pro-Russian hacking group claims it targeted a US tax payment site

The company behind a website that allows people to pay taxes to the IRS denied it was briefly knocked offline last Thursday afternoon after a Russian hacking group boasted of launching an attack against it.

The Killnet hacking group wrote on Telegram that it planned to attack payUSAtax, a platform the IRS recommends to those looking to pay their taxes. While the site appeared to be briefly offline for several minutes last week, the company running it said they were unable to verify if the interruption was tied to Killnet.

Eric Johnson, executive vice president of government & legal affairs, said the company was "unable to verify" that Killnet launched distributed denial-of-service (DDoS) attacks against the site.

"It’s possible that some such group performed a DDoS attack, as these are relatively common from both domestic and foreign sources. VPS constantly monitors system security and performance and there has been no hacking attempt or security breach related to payUSAtax.com," Johnson said.

"DDoS attacks, which attempt to slow or shut down websites and online systems, are relatively common. VPS utilizes state-of-the-art DDoS protection systems and protocols to deflect the impact of such attacks."

He added that the company is aware that government and related websites in the U.S. have recently experienced an increase in such attacks but denied that any data could have been accessed during an incident like this.  

"While these attacks may briefly affect the speed or availability of websites, they do not affect the security of our online systems or data," Johnson said.

"VPS has not experienced a data or security breech and payUSAtax.com does not retain taxpayer banking or credit card data after payment processing is completed."

The IRS said it was investigating the incident but noted that VPS is a private company that they do not control — the site is one of many options they include on their site for tax paying purposes.

On Thursday, Killnet took to its Telegram channel to boast of attacking the payUSAtax. The group has since made several unverified claims of launching DDoS attacks against a number of websites, including ones run by the New York Stock Exchange as well as others in Norway and Lithuania.

“PAYUSATAX I agree, it's too loud. Well, where and on what can we test our new mechanisms of influence? Accordingly, on the US and on the wallets of their government,” the group said last Thursday. “After all, they are rich boys, they allocate a billion dollars a week to all sorts of clown presidents of Ukraine.”

The Killnet group has previously launched a series of attacks on the websites of governments helping Ukraine in its effort to stop a Russian invasion.

The cyberattack on payUSAtax took place just days after Killnet took credit for a large cyberattack on several government institutions in Lithuania on Monday. 

The hackers said on Telegram that they launched the attacks after Lithuanian officials refused to allow steel, coal and other metals to be transported through the country to Kaliningrad due to European Union sanctions.

Ausra Vaitkeviciute, spokesperson for Lithuania’s Ministry of National Defence, told The Record that the DDoS (or distributed denial-of-service) attacks against the country were ongoing but noted that the scale of the attacks “was comparatively lower” than what was seen on Monday.

“There were fewer state information resources affected, partially due to the increased cyber defence measures and also because a large number of attacks were aimed at the private sector,” Vaitkeviciute said. 

“Killnet continues to announce new targets. Most of the affected resources were unavailable for a limited time and quickly restored operation.”

In April, a group launched DDoS attacks against several websites connected to government agencies and a bank in Romania.

Two weeks later, the same group used a similar method to attack the websites of Italy’s parliament, military and National Health Institute. 

Last week, Norway’s National Security Authority accused pro-Russian hackers of launching several DDoS attacks at a number of critical organizations in the country.