Enlarge image
Campaign video by the Killnet hacktivists: »Campaign against various German websites from the private sector and research«
Photo: Killnet Telegram video
The Federal Office for the Protection of the Constitution warns German companies against further attacks by the pro-Russian hacker group "Killnet".
The patriotic hacktivists are currently "running a campaign against various German websites from the private sector and research," according to a current "security notice for the economy" by the Office for the Protection of the Constitution.
"Against the background of the political situation, further DDoS attacks against German websites are to be expected," it says.
Such DDoS attacks are overload attacks that are intended to paralyze websites through mass artificial calls.
Last week, the hacktivists posted a long list with the web addresses of various German "targets" on their channel on the Telegram messenger service - apparently as an appeal to their followers to target them more closely.
These include the websites of Postbank and Aareal Bank as well as clinics and universities.
However, when asked by SPIEGEL, Postbank stated that the company had not detected any DDoS attacks in the past two weeks.
From security circles it is said that the announced attacks on companies have not yet been followed by action on a large scale.
However, in the past few weeks, Killnet has attracted attention with attacks on the websites of German authorities, some of which have been successful.
The websites of the BKA and the federal police were the target of mass coordinated disruption attempts, while those of the state police in Baden-Württemberg and Hesse were temporarily unavailable.
According to an internal report by the authorities, the websites of the Bundestag, the Federal Ministry of Defense and the SPD website of Chancellor Olaf Scholz were also the target of attacks.
(Read more about the background of the pro-Putin hackers here.)
The Central Office for Combating Cybercrime at the Frankfurt am Main Public Prosecutor's Office has meanwhile started investigations into several of these attacks against German targets.
Successful attack after the Eurovision Song Contest
Killnet is also running similar campaigns against comparable targets in other European countries that support Ukraine – for example in the Czech Republic, Romania, and in individual cases also in the USA.
Last week, the hacktivists tried to disrupt the process and voting of the Eurovision Song Contest.
When that failed and Ukraine was victorious, the hacktivists published the web address of the Italian State Police as a new target.
With this attack, they apparently achieved their goal: the website was not accessible until Tuesday noon.
This suggests that Killnet is in fact in control of a botnet of any significant size, as claimed by the group.
In the past, those responsible had also offered it to third parties in order to attack targets they had chosen themselves.
Depending on the desired fire power and the duration of the attacks, they asked for between 50 and 3000 dollars.
However, the group is still "on a low technical level," according to security circles about the activities to date.
In its current warning letter, the Federal Office for the Protection of the Constitution rated the "Killnet" campaign as "comparatively harmless disruptive attacks" because so far they have only affected the accessibility of the website, but are not aimed at the internal systems of the authorities, companies and research institutions concerned.
"Activities that go beyond DDoS attacks cannot currently be determined," it says.
IT security experts rate the overload attacks as digital vandalism or compare it to sit-ins at demonstrations.
The "Killnet" campaign is part of a larger struggle between hacktivists surrounding the Ukraine war.
Shortly after it began, the Anonmymous collective officially declared “cyber war” on the Russian government in one of its signature campaign videos.
Since then, members of the loose movement have been attacking companies and government institutions in the Russian Federation.
Their activities range from overload attacks and the manipulation of websites and media content to large-scale digital intrusions and data theft.
In addition, immediately after the start of the war, Ukraine called for people to fight in their »Ukraine IT army«.
The associated Telegram channel now has more than 270,000 subscribers.
»Killnet« came out with a video about a week after the start of the war as a pro-Russian answer to this cyber mobilization.
Stylistically, the group copies Anonymous, but politically it blames Ukrainian President Volodymyr Zelensky for the war and supports Putin.
The Office for the Protection of the Constitution warns of blackmailers and espionage
In its statement on Tuesday morning, the Federal Office for the Protection of the Constitution also warned of the “Revil” ransomware group.
The group blackmails its victims after paralyzing their systems with so-called encryption Trojans.
(Read more about how »Revil« works here.)
The protection of the constitution also sees the danger of so-called "intelligence service initiation" for the German economy, as the Cologne authority announced on Tuesday.
This means that Russian secret services try to establish contact with employees in sensitive companies or research institutions in order to spy on them.
hpp/rom