The same Russian threat actors who this week targeted Italian military and parliamentary websites and threatened to disrupt UK National Health Service (NHS) services, could now have the 2022 Eurovision Song Contest final on the internet. look.
The Killnet threat group has threatened to “send 10 billion requests” to the Eurovision online voting system and “add votes to some other country”.
What is Killnet?
The pro-Kremlin cybercriminal group Killnet boasts of conducting “military cyber exercises” to improve members’ skills, it appears to be primarily involved in reasonably simple, albeit disruptive, Distributed Denial of Service (DDoS) attacks.
According to threat intelligence experts at Cyjax, Killnet first emerged in March following the Russian invasion of Ukraine. Using the recently released ‘Killnet Botnet DDoS’ resource, their first target was the hacktivist collective Anonymous. This involved disrupting “the Anonymous website”. Or, at least, he would have if such a thing existed.
As Cyjax explains, there is no central Anonymous website. “It is more likely that a generic standalone Anonymous website was intended to boost morale on the Russian side,” says Cyjax.
Killnet threatens to disrupt Eurovision 2022 final voting
In an apparent attempt to prevent or disrupt online voting for Ukraine’s current Eurovision favorites, the Kalush Orchestra, Killnet has hinted that it could target Eurovision servers. In a Telegram message, the group claimed to have already disrupted the voting system. Or, rather, that the DDoS botnet could be behind the previous voting difficulties.
Russia was banned from competing in Eurovision 2022 following the invasion of Ukraine, and the Kalush Orchestra has stated that a victory would be a morale boost for the people of Ukraine.
A Eurovision spokesman said the voting system has “a wide range of security measures to protect audience participation” and this year will be no different in that regard.
Killnet also seems to withdraw the threat to the final vote of Eurovision 2022
As with many of these types of groups, it can be difficult to separate outage liability claims from opportunism when sites have unrelated technical difficulties. Strangely, the Killnet group seems to be distancing themselves from these threats to the Eurovision final in the same message that they make them.
The group posted on Telegram claiming that the Eurovision online voting servers were unprotected and threatened to send “10 billion requests and add votes to some other country”. However, he also stated that “there is no point in influencing online voting” and that further attacks are “not worth it”. The message is quite mixed, to say the least. The threat certainly exists, though, frankly, it’s unlikely to amount to anything.
Eurovision 2022 organizers should take special cybersecurity precautions this year
Jake Moore, former head of digital forensics at Dorset Police in the UK and now a global cyber security adviser at the ESET cyber security team, says: “It is not surprising that it has also become a target for a cyber attack. , particularly when winning is so intertwined with national pride.” Naturally, Eurovision organizers should take special cybersecurity precautions this year if they want to ensure that the voting system remains as robust as possible.” Moore went on to say that malicious actors are keen to disrupt the final in any way possible, but that “DDoS protection is a simple win, assuming the organizers don’t underestimate the power of a denial-of-service attack.”