On April 5, 2023, the U.S. Department of Health & Human Services (HHS), Office of Information Security, Health Sector Cybersecurity Coordination Center issued an HC3 Analyst Note report discussing the pro-Russia hacktivist group, KillNet, and its activities in targeting the United States health and public health (HPH) sector since December 2022. Per HHS:
On January 28, 2023, KillNet and its affiliates conducted numerous coordinated DDoS [distributed denial-of-service] attacks, targeting HPH organizations in the U.S. and several NATO countries, apparently, in retaliation for the allocation of tanks to and in support of Ukraine. Active since at least January 2022, KillNet is known for conducting DDoS campaigns against multiple critical infrastructure sectors in countries that support Ukraine in the war between Russia and Ukraine or appear to be “anti-Russia.” Although their primary type of cyber-attack method usually does not cause major damage, it can cause service outages to vulnerable systems lasting several hours or even days. Whereas many hacktivist groups abstain from targeting HPH organizations, the group has dispassionately targeted hospitals and medical organizations across the sector.
HHS noted that, although many DDoS campaigns may last only several hours or several days, “the range of consequences from these attacks on the HPH sector can be significant, threatening routine critical day-to-day operations.” In late January 2023, KillNet and its affiliates conducted a series of coordinated DDoS attacks, targeting HPH organizations such as health care systems (covering multiple hospitals), lone hospitals, and medical centers, including Level I trauma centers. In March 2023, a DDoS attack targeted an organization in the laboratory, blood, and pharmaceutical sub-industry.
Although “[t]here is no single action that can protect an organization from cyber threat groups, such as KillNet,” HHS provided in the report “a sample of mitigations, countermeasures, indicators of compromise, and other courses of action from various cybersecurity organizations and governmental publications as a guide to better prepare” HPH organizations against threats.