Home / Threat Actors / Killnet Threat Actor Profile

Killnet Overview

Killnet is a pro-Russian hacktivist group that engages in hacktivism and other hacking operations. The group gained notoriety during the first month of the Russia-Ukraine conflict when they began a widespread, although relatively unsophisticated, campaign of distributed denial-of-service (DDoS) attacks, political rhetoric, and misinformation.

The group primarily utilises DDoS attacks and website defacement to target nations that support Ukraine. They have been active in targeting various countries, including Ukraine, Lithuania, Poland, Romania, Germany, Australia, and the United States. Killnet has been known to use social media and messaging platforms such as Telegram to communicate and coordinate their attacks. They have also been linked to other threat actor groups such as Anonymous Russia and Anonymous Sudan.

Killnet has claimed responsibility for various attacks on government and civilian entities, including military organisations, healthcare, marine terminals and logistics facilities, other forms of transportation, and online trading systems. Furthermore, reporting indicates that Killnet is expanding its sphere of influence by merging lesser groups (such as Zarya, Phoenix, Anonymous Russia, Anonymous Sudan and Infinity Hackers BY) into its circle that share the same goals of action on behalf of Russia.

This is likely designed to enhance the effectiveness of their attacks as it becomes increasingly difficult for targets to determine when and from which group to expect an attack to originate from.

Killnet has recently rebranded as ‘Black Skills’, which has been classified as a “private military hacking company”. While their credibility is generally considered low, Killnet remains a cause for concern as they provide a blueprint for other groups to become paid “hackers for hire”.

Sources indicate that cyber operations undertaken by Killnet have had minimal to intermediate impact, as their attack efforts often only last for a brief period of time and sometimes even fail whilst in mid-operation . Although Killnet are not considered to be as impactful as other threat actor groups, they still implement persistent mechanisms via DDoS attacks and so are a legitimate threat. Killnet’s operations tend to be sporadic and compulsive in nature with direct links to the developing landscape of the Russia-Ukraine conflict. Killnet’s primary impact is therefore related to manipulating the cognitive perception of, and narrative surrounding, the war, whilst demonstrating their DDoS capabilities through media exposure and propaganda.

Targeted Sectors

Killnet have historically targeted organisations that hold strong visibility within the public eye which are associated with nations opposing Russia’s invasion of Ukraine. Additionally, organisations that make up the Critical National Infrastructure (CNI) of these nations are almost certainly desired targets based on the objective of maximum impact. The following areas have witnessed targeting by Killnet since the group’s inception:

  • Government services
  • Government websites
  • Media and news outlets
  • Healthcare applications
  • NATO allies.

Threat Actor Motivations

The motives of Killnet can be evaluated by observing the strategies they apply within the context of their campaigns.

Based on Killnet’s activity and historical rhetoric, it is highly likely that their goals align with those of the Russian government as the group has sought support from the Russian parliament, the Duma, and potential links between the Kremlin and Russian cyber threat groups targeting Ukraine have been identified.

However, despite their nationalistic agenda, Killnet has primarily been driven by financial motives, leveraging the Russian pro-Kremlin media ecosystem to promote its DDoS-for-hire services.

The Quorum Cyber Threat Intelligence team provides threat actor profiles so that you can better understand cybercriminals’ tactics, techniques, and procedures (TTPs).

Download your Killnet report to read all the details today.