Killnet is a pro-Russian hacktivist group that engages in hacktivism and other hacking operations. The group gained notoriety during the first month of the Russia-Ukraine conflict when they began a widespread, although relatively unsophisticated, campaign of distributed denial-of-service (DDoS) attacks, political rhetoric, and misinformation.

The group primarily utilises DDoS attacks and website defacement to target nations that support Ukraine. They have been active in targeting various countries, including Ukraine, Lithuania, Poland, Romania, Germany, Australia, and the United States. Killnet has been known to use social media and messaging platforms such as Telegram to communicate and coordinate their attacks. They have also been linked to other threat actor groups such as Anonymous Russia and Anonymous Sudan.

Killnet has claimed responsibility for various attacks on government and civilian entities, including military organisations, healthcare, marine terminals and logistics facilities, other forms of transportation, and online trading systems. Furthermore, reporting indicates that Killnet is expanding its sphere of influence by merging lesser groups (such as Zarya, Phoenix, Anonymous Russia, Anonymous Sudan and Infinity Hackers BY) into its circle that share the same goals of action on behalf of Russia.

This is likely designed to enhance the effectiveness of their attacks as it becomes increasingly difficult for targets to determine when and from which group to expect an attack to originate from.

Killnet has recently rebranded as ‘Black Skills’, which has been classified as a “private military hacking company”. While their credibility is generally considered low, Killnet remains a cause for concern as they provide a blueprint for other groups to become paid “hackers for hire”.

Sources indicate that cyber operations undertaken by Killnet have had minimal to intermediate impact, as their attack efforts often only last for a brief period of time and sometimes even fail whilst in mid-operation . Although Killnet are not considered to be as impactful as other threat actor groups, they still implement persistent mechanisms via DDoS attacks and so are a legitimate threat. Killnet’s operations tend to be sporadic and compulsive in nature with direct links to the developing landscape of the Russia-Ukraine conflict. Killnet’s primary impact is therefore related to manipulating the cognitive perception of, and narrative surrounding, the war, whilst demonstrating their DDoS capabilities through media exposure and propaganda.

Download this report