Killnet
KillNet is a Russia-affiliated, pro-Russian hacktivist group active since the start of Russia's 2022 invasion of Ukraine. It is primarily associated with distributed denial-of-service (DDoS) operations against Western and Ukraine-supporting targets, including government entities, critical infrastructure, airports, financial institutions, media, and other public-facing services. Multiple sources describe KillNet as favoring DDoS attacks and using bot-based denial-of-service activity; one report contrasts it with NoName057(16) by noting that KillNet also includes dedicated sub-groups using IoT botnet infrastructure such as Mirai. Reporting also states that before the war, the name Killnet referred to a DDoS tool offered on the dark web, and that the group reportedly made extensive use of that tooling and rented botnets.

The group has been linked to attacks or claimed attacks against Lithuania, Latvia, Romania, Estonia, Czechia, Germany, the UK, the US, Israeli targets, and the Eurovision Song Contest website. Examples directly mentioned in reporting include DDoS attacks against Lithuanian government and business websites after restrictions affecting Kaliningrad transit; claimed attacks across more than 20 critical infrastructure targets in Czechia, Estonia, Latvia, Poland, the UK, and the US between 15 and 22 April 2022; a claimed attack against a U.S. airport in March 2022; attacks against Romanian government websites; and claimed responsibility for making the Israeli government website unreachable on October 8, 2023. Estonia attributed major August 2022 DDoS activity to KillNet, and the group claimed it blocked access to more than 200 Estonian state and private institutions.

Reporting places KillNet among Russia-aligned cybercrime or hacktivist actors that publicly pledged support for Russia and threatened cyberattacks against entities supporting Ukraine. It is repeatedly described as Russia-linked, Russia-based, or pro-Russia. Several reports note that KillNet emerged as one of the most visible pro-Russian hacktivist groups in 2022 and later expanded its targeting from Ukraine to broader Western and NATO-aligned organizations.

KillNet is also described as collaborating or affiliating with other pro-Russian actors. Reporting mentions KillNet affiliates, references collaboration with Anonymous Sudan against Israeli cyber infrastructure, and cites assessments that Anonymous Sudan is likely a sub-group of or closely tied to KillNet. KillNet is also mentioned alongside Sandworm, XaKnet/XakNet, Cyber Army of Russia Reborn, and NoName057(16) in the broader pro-Russian threat ecosystem.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Where they're from
Attributed origin per open-source reporting.
- RU
Tradecraft
6 distinct techniques observed across reporting, grouped by tactic.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
20 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Russian-aligned hacktivist ecosystem referenced via affiliates as a representative threat to public-facing World Cup-supporting services.
Claimed to have obtained Lockheed Martin employee personal information, including email addresses and phone numbers.
Group involved in similar opportunistic cyber activity aligned with the conflict's anti-US and anti-Israel hacktivist wave.
Russian hacktivist threat group aligned with disruptive DDoS and hacktivist activity, expressing support for the Iranian regime.