Russian hackers took responsibility for a wave of cyber attacks that knocked dozens of state government websites offline.
Several states, including Colorado, Connecticut, Kentucky, and Mississippi, were impacted by the politically-motivated cyber attacks that began on Wednesday, October 6th.
The cybercrime gang that claimed responsibility is Killnet, a Russian-speaking hacktivist group that uses distributed denial of service (DDoS) attacks to knock its targets offline.
The hackers posted images of a mushroom cloud and political slogans, including “F*ck NATO” during the hacking campaign dubbed “USA Offline.”
State government websites resumed operations after widespread DDoS attacks
Most state government websites impacted by the DDoS attacks had resumed operations by Thursday morning, although Colorado’s government portal remained inaccessible.
Colorado state government officials said they took the state’s website offline after a cyber attack by “an anonymous suspected foreign actor.”
They promised that the Office of Information Technology and State Emergency Operations Center were actively working to restore the state government portal.
Although the state government homepage was unavailable, online services were still accessible.
Subsequently, the state created a temporary website with links to online services without providing a timeframe for restoring the original website.
“Currently, there is no estimated timeline for bringing the Colorado.gov homepage back online,” the Colorado Governor’s office said in a statement. “While the homepage is down, online access has not been compromised and services remain available.”
It’s unclear whether all the state government websites posted on the Russian hackers’ Telegram channel were knocked offline during the DDoS campaign. Other targets in the list included government websites in Alabama, Alaska, Delaware, Florida, Hawaii, Idaho, Indiana, and Kansas.
Erich Kron, a security awareness advocate at KnowBe4, indicated that the internet allows miscreants to wreak havoc and make bigger public statements.
“In the case of these state government websites, the disruption of service, while inconvenient, is far less of a problem than a data breach involving the theft of personally identifiable information.”
Such incidents eroded public trust in the organizations whose websites were impacted regardless of the nature of the attacks, Kron added.
The disruption of state government services risked causing social unrest and a shift in public opinion regarding the war. Additionally, foreign-funded political groups could capitalize on the opportunity and question why locals should suffer from a conflict in a foreign country.
Russian hackers did not target election infrastructure
US authorities are on heightened alert as the country prepares for the November midterm elections. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) had warned of election-related attacks that could cause large-scale disruptions or prevent American voters from casting their ballots.
However, this cyber attack did not appear to target the voting infrastructure, CNN reported, citing the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC). The security watchdog group warned that voting platforms could be indirectly impacted. The FBI and CISA have not issued a statement on the attack.
Coincidentally, the Kentucky Board of Elections website that provides voter registration information went offline during the attacks. However, the Russian hackers did not take responsibility for any particular website.
Killnet Russian hackers stepped up attacks against western governments
The pro-Russian gang has stepped up attacks since the invasion of Ukraine, with the group claiming responsibility for several attacks on government entities.
In July 2022, Killnet Russian hackers were responsible for shutting down the United States Congress website. The hacking group also targeted the Baltic state of Lithuania after the country halted shipments to the Russian enclave of Kaliningrad. The Russian hackers also targeted Lockheed Martin Corporation for supplying the M142 High Mobility Artillery Rocket System (HIMARS).
In April 2022, cybersecurity authorities from the Five Eyes Alliance had warned of potential disruptive attacks against critical infrastructure by various DDoS groups, including Killnet, the CoomingProject, and WIZARD Spider.
Aaron Sandeen, CEO and co-founder of Cyber Security Works (and former State of Arizona CIO), said such attacks exposed gaps that could be exploited.
“Hackers are constantly evolving and creating new techniques, which means organizations need to be proactive in their security strategies,” Sandeen added. “Asset discovery, continual scanning, and frequent penetration testing are all necessary actions to stay one step ahead of attackers.”
Killnet began as a financially motivated group before evolving into a politically motivated group targeting countries opposing Russia’s military activity. Although the group executes cyber attacks to support the Russian government, its association with the Kremlin remains a mystery.