Killnet Threatens “Lockheed Martin Terrorists” With More Cyberattacks
Killnet, which has already claimed responsibility for the August 1 DDoS attack on Lockheed Martin, is now threatening to target the aerospace and defense giant until its operations are crippled.
Russia-based cybercriminal group Killnet is still not happy about Lockheed Martin provisioning the Ukrainian war effort against Russia. According to The Moscow Times, Killnet, which has already claimed responsibility for the August 1 DDoS attack on the American company, is now threatening to target the aerospace and defense giant until its operations are crippled.
Lockheed Martin seems to have recovered from the distributed denial of service (DDoS) attack considering its website is accessible. However, something that previously went unreported is that Killnet could have obtained Lockheed Martin data.
To prove they have said data, the cybercriminal syndicate provided a sneak peek into what they could possibly have. Louise Ferrett, the threat intelligence analyst at Searchlight Security, provided Spiceworks with his attack analysis.
“Killnet shared a video on their Telegram group this morning (August 11) with what appears to be Lockheed Martin employee names, email addresses, and phone numbers, with pictures of people – presumably the employees – overlaid,” Ferret told Spiceworks.
“They also uploaded two spreadsheets with the following message in Russian ‘For those who have nothing to do, you can email Lockheed Martin Terrorists – photos and videos of the consequences of their manufactured weapons! Let them realize what they create and what they contribute to’.”
Killnet Message on Telegram | | Source: Louise Ferrett
“Cross-referencing a sample of the data it does appear that they are or were genuine Lockheed employees, however that does not necessarily confirm that the company was breached. For example, this could be a re-hash of old or open source data in an attempt to undermine the organization and intimidate its employees.”
Lockheed Martin is the designer-cum-manufacturer of the M142 High Mobility Artillery Rocket System (HIMARS), a rocket artillery launcher and tactical ballistic missile system supplied to Ukrainian armed forces at the behest of the U.S. government.
Cyberspace has emerged as one of the new, albeit virtual, theaters of conflict in modern-day geopolitical turmoil. However, what’s novel about the Ukraine-Russia conflict is that this is the first time cybercriminal entities have publicly taken sides.
Since the onset of the conflict in February 2022, Killnet, Conti, APT28 (Cozy Bear), GhostWriter, RedCult, IT Army of Ukraine, GhostSec, and scores of other underground cybercriminal entities, including state-sponsored ones, have backed one of the other Slavic countries.
See More: 5 CISO Approved Security Best Practices Amid Russia-Ukraine Conflict
As of August 8, 2022, 45 underground threat actors are backing Ukraine, while Russia has the support of 43.
🚨🚨UPDATE 17. 08 AUG. #cybertracker 🚨🚨
93 Groups – Highest ever.
45 Pro-Ukraine – 43 Pro-Russia – 5 Unknown.
14 added and 10 removed.Tips? DM's open.#cybersecurity #infosec #RussiaUkraineWar #UkraineRussiaWar #Russia #Ukraine #CyberAttack https://t.co/QUQRf14YeU pic.twitter.com/qdcUzp0qva
— CyberKnow (@Cyberknow20) August 8, 2022
Killnet, which backs Russia, said the supply of M142 HIMARS is enabling “the criminal authorities of the Kyiv regime to kill civilians, destroy the infrastructure and social facilities of the still temporarily occupied Ukraine.”
Killnet’s warning to Lockheed Martin comes on the same day that Ukraine launched a military offensive in Crimea, attacking and destroying at least nine fighters stationed at Russia’s Saky airbase, approximately 110 miles in Russian territory. It is unclear whether the Ukrainians used the M142 to carry out the rocket strikes.
Lockheed Martin denied it was breached. A spokesperson of the defense manufacturer said, “We are aware of the reports and have policies and procedures in place to mitigate cyber threats to our business. We remain confident in the integrity of our robust, multi-layered information systems and data security.”
According to S.C. Media, Killnet founder Killmilk stated: “Soon, I and Killnet will launch powerful attacks on European and American enterprises, which will indirectly lead to casualties. I will do my best to make these regions and countries answer for each of our soldiers.”
Killnet has previously claimed attacks against hacktivist group Anonymous (sided with Ukraine) in May 2022 for launching DDoS attacks against Russian government sites, against Eurovision, Latvian and Italian private organizations in May 2022, and targeted Lithuanian government and private organizations in June 2022 for blocking goods to Kaliningrad, the only ice-free port of Russia.
These include Supreme Administrative Court, the Central State Archives, and the Electronic Declaration System. It has also claimed attacks on airports, telecommunications companies, and gas stations in Lithuania.
Killnet has also declared war against ten countries, including the U.S., Estonia, Germany, Poland, and Romania.
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
MORE ON CYBERWARFARE AMID THE RUSSO-UKRAINIAN CONFLICT
- Chinese and Belarusians Join Russian Hackers in Attacks on Ukrainian and E.U. Agencies
- Russian-Ukraine Conflict: Shining a Spotlight on Critical Infrastructure Security
- Ukraine-Russia Conflict: Can Russia Unplug Itself From the Global Internet?
- What’s the Way Ahead in the Ukraine-Russia Influenced Cyberwar?
