Killnet Gloats About DDoS Attacks Downing Starlink, White House

Elon Musk-owned Starlink, WhiteHouse.gov, and the Prince of Wales were targeted by Killnet in apparent retaliation for its support of Ukraine.

Killnet Telegram post screen capture
Source: Trustwave

Killnet and its band of hacker collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most critical supporters of Ukraine against the Russian invasion — Elon Musk's Starlink satellite broadband service and the websites of the White House in the US and the Prince of Wales in the UK. 

Researchers at Trustwave were able to find evidence corroborating the Russian-backed threat group's claims. 

Killnet claimed it took down Starlink service on Nov. 18, which has been critical for providing the Ukraine war effort with Internet connectivity. Indeed, Trustwave found Starlink customers on Reddit on the same day complaining they couldn't log in to their accounts for several hours. 

"You've been waiting for this comrades," Killnet posted on Telegram, according to Trustwave. "Collective DDoS attack on Starlink! No one can log into Starlink." 

Other threat groups, and known past Killnet collaborators, also claimed they were involved in the Starlink and other DDoS takedowns, including Anonymous Russian, Msidstress, Radis, Mrai, and Halva. 

White House, Prince of Wales' Websites Targeted 

Besides Starlink, Killnet also bragged that it was able to successfully run "30 minutes of a test attack" on the White House's website on Nov. 17. 

"Of course, we wanted to take longer, but did not take into account the intensity of the request filtering system," Killnet added. "But!!! The White House was banged up in front of everyone!" 

Trustwave added that the White House uses military-grade protection against DDoS attacks from Automattic. 

Days later, on Nov. 22, the group launched yet another DDoS attack, this time against the Prince of Wales' site, and warned that the UK healthcare system would be next, the Trustwave team reported. Killnet also threatened future attacks against the London Stock Exchange, the British Army, and more. 

Along with its claim of the UK DDoS attack, Killnet added ominously, "today it does not work, perhaps this is due to the supply of high-precision missiles to Ukraine!" 

Although the targets are ambitious, Trustwave said Killnet and its cybercrime cohort aren't advanced enough to pull off more than basic DDoS attacks. 

"We should expect to see more of these low skill attacks from Killnet targeting an ever-growing list of targets that it considers to be in opposition to Russian interests," Trustwave said in its Tuesday report on the Killnet DDoS attacks. "However, it remains to be seen whether the group can graduate to attacks that cause damage, exfiltrate data, or do more than take down a website for a short period of time."

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights