In an announcement on Telegram, the Russian KillNet hacker group claimed to have targeted NATO with DDoS attacks, stolen plain-text login credentials and used them to create accounts on a gay dating portal in Kyiv and Moldova.
KillNet, a pro-Russian group of hacktivists, has claimed responsibility for a series of Distributed Denial of Service (DDoS) attacks on NATO’s cyberinfrastructure and breaching its security to steal data.
According to the group, KillNet claims it carried out cyberattacks that resulted in the “paralysis” of 40% of NATO’s electronic infrastructure.
The group made the announcement on its Telegram channel, where it listed its targets and leaked NATO email addresses and plain-text passwords that it claimed to have stolen from NATO School, apparently the NATO School Oberammergau (NSO).
In addition to the data leak, KillNet also shared a screenshot showing that it had used the alleged stolen login credentials to register 150 email addresses on a gay dating portal in Kyiv and Moldova, suggesting a possible motive of embarrassment or blackmail.
The tactics employed by KillNet should not come as a surprise, as both sides in the conflict between Russia and Ukraine have been utilizing social engineering skills in their efforts to gain advantage over each other.
Just last week, Hackread.com reported how Ukrainian hacktivists lured Russian military wives into a “patriotic photoshoot” and successfully extracted personal and Russian military-related details during the process.
This highlights the use of such tactics by both sides in the ongoing cyber warfare, where hacktivist groups like KillNet and Ukrainian counterparts are leveraging social engineering techniques to gather sensitive information and disrupt their adversaries.
Here’s what KillNet had to say on its Telegram about their latest attack on NATO. The following text was translated from Russian to English using the Yandex translation bot on Telegram.
40% of NATO's electronic infrastructure was paralyzed due to hackers from KillNet. Cybergospoda put the sites of defence orders, provision and support of the alliance and another pack of sites, without which it will be difficult to work normally. Resources are being put under DDoS attacks right now, it is impossible to log in to accounts. The sites of the command for the development of combat operations, the NATO agency for support, support and procurement, and training cyber centres were distributed. And the NCI agency was hacked for sweet, from where they stole all the personal data of employees (a portal for people making important political decisions). And this means that at least in the near future, comrades will drink water at the cooler and, clutching their heads, try to return the data.
KillNet first emerged amid the ongoing Russian invasion of Ukraine, positioning itself as a counter-attack force against the hacktivist group Anonymous. Since then, KillNet has targeted private businesses and critical government websites around the world, including the United Kingdom and Lithuania, among others.
This is not the first time KillNet has claimed data theft from high-profile targets. In December 2021, the group claimed responsibility for stealing data from FBI agents, and in August 2022, it claimed to have stolen employee data from Lockheed Martin, a leading defence contractor.
The cyber attacks by KillNet highlight the ongoing threat of hacktivist groups and cyber warfare in today’s geopolitical landscape. NATO and other organizations must continue to prioritize cybersecurity and take proactive measures to safeguard their sensitive data from such attacks.
The increasing frequency and sophistication of cyber attacks pose significant challenges to governments, businesses, and individuals alike, and underscore the need for robust cybersecurity measures and international cooperation to combat cyber threats.