The same Russian threat actor this week Target Italian Parliament and Military Websites and threatened UK National Health Service (NHS) service disruptionEurovision Song Contest 2022 finals can now be marked with crosshairs.
The Killnet threat group threatened to “send 10 billion requests” to the Eurovision online voting system and “add votes to other countries”.
What is Killnet?
The pro-Kremlin killnet cybercriminal group boasts of conducting “military cyber training” to improve member skills, and most appear to engage in distributed denial of service (DDoS) attacks, though most are reasonably simple but destructive.
According to Threat Intelligence Expert at Cyjax, Killnet first appeared in March after the Russian invasion of Ukraine. Using the newly released ‘Killnet Botnet DDoS’ resource, the first target was a group of Anonymous hacktivists. This has to do with interfering with “anonymous websites”. Or at least it would have been if it had existed.
As Cyjax explains, there is no central Anonymous website. “It’s more likely that an independent Anonymous website was targeted to boost morale on the Russian side,” says Cyjax.
Killnet threatens to interfere with Eurovision 2022 final vote
an explicit attempt to prevent or interfere with online voting for Currently Eurovision’s favorite Kalush Orchestra in Ukraine, hinted that Killnet could target Eurovision servers. In a Telegram message, the group already claimed to have disrupted the voting system. Or rather, a DDoS botnet could be behind the early voting problem.
Russia could not participate in Eurovision 2022 after the invasion of Ukraine, and the Kalusi Orchestra said the victory would boost the morale of the Ukrainian people.
Eurovision spokesperson said The voting system will be no different this year in that regard, saying that “extensive security measures are in place to protect audience participation”.
Killnet also appears to be withdrawing the threat of the Eurovision 2022 final vote.
As with many groups of this type, if your site has unrelated technical difficulties, it can be difficult to separate claims of liability for service disruption from opportunism. Oddly enough, the Killnet group seems to distance themselves from the threat to the Eurovision final in the same message they make.
The group claimed on Telegram that Eurovision’s online voting servers were unprotected and threatened to “send 10 billion requests and add votes to other countries”. But “it makes no sense to affect online voting,” he said, adding that the further attack “is not worth the time.” Messaging is quite mixed, to say the least. The threat certainly exists, but it’s frankly impossible what it will be.
Eurovision 2022 organizers need to take additional special cybersecurity precautions this year.
Jake Moore, former head of digital forensics at Dorset Police in the UK and now global cybersecurity adviser to cybersecurity firm ESET, said: “It’s not surprising that we’ve been targeted by cyberattacks, especially when victory is intertwined with national pride. Additional special cybersecurity precautions must be taken this year to ensure that the voting system remains as robust as possible.” Moore said malicious actors have gone out of their way to disrupt the finals in every way possible, but “DDoS defense is a simple win, assuming the organizers do not underestimate the power of denial-of-service attacks.”