Hacktivism: How Cyberattacks are Used as Weapons in Today’s World
By Dominic Brunaccioni
Even aid missions are subject to hackers in today’s world. On February 13, 2023, a 7.8 magnitude earthquake in Türkiye brought “hacktivism" and its use as a weapon to the world’s attention. While attempting to provide emergency support to the hundreds of thousands devastated by the earthquake, the North Atlantic Treaty Organization (NATO) fell victim to a cyber attack organized by the Russian hactivist group, “Killnet.” The resulting disruption took websites temporarily offline and the obstruction of private communication servers impacted NATO’s Strategic Airlift Capability (SAC) and delayed its relief efforts.
Hactivists differ from other hackers in that they are primarily motivated by politics or social issues rather than monetary gain. Killnet is not directly affiliated with the Russian government but the group’s ideology does closely align with Moscow’s foreign policy ambitions, including: Russian aggression in Ukraine, impeding democratic institutions and vilifying pro-EU politicians in former Soviet-bloc countries, and attacking/trolling Western cyber institutions.
Killnet first gained prominence in 2022 for its open support of Russia’s invasion of Ukraine. It began to scale up its campaign of Distributed Denial of Service (DdoS) and Denial-Of-Service (DoS) attacks across (NATO), European Union (EU) institutions and nation-state members, as well nations aspiring to join the EU.
Killnet has targeted both institutions and countries. In March 2022, Killnet took responsibility for temporarily disabling Connecticut’s Bradley International Airport’s website. Killnet’s subsequent social media statement that mentioned U.S. President Joe Biden by name clearly indicated that this was not a random cyber-attack, but rather politically motivated in response to U.S. support of Ukraine.
The Republic of Moldova, an EU-aspiring nation, has experienced an escalating series of cyber attacks over the past year at the hands of Killnet and other Russian-aligned Hacktivist groups. In February, Moldovan President Maia Sandu unveiled the Kremlin’s scheme to topple the government which featured cyberwarfare as one of the main components of the Russian plot that would have led to a coup according to Moldovan officials. This intelligence, originally intercepted by Ukraine, has since been denied by Russia. But, the waves of cyberattacks experienced by Moldova, and other European nations, over the summer and fall, have Killnet and other Moscow-aligned hacktivist/Russian government hacking groups at the center of this destabilization plan.
The Moldovan Security and Intelligence Service (SIS) reported that Killnet consistently target Chișinău, Moldova’s capital, as early as May of 2022, with reports of DDoS attacks against Moldovan government websites. Over the summer, Moldova was flooded by more than 60 fake bomb threats, created by Russian and Belarusian IP addresses, oftentimes targeting Chișinău International Airport (KIV). Currently, the airport is the center of an intelligence investigation spurred by the leaked Russian plans which implied an invasion of Moldova and the seizure of the airport. Ironically enough, after KIV airport faced a summer’s worth of fake bomb threats, Moldovan officials are considering destroying the airport themselves, if Moscow invades the country. As attacks escalated, Killnet took down Moldova’s State Fiscal Service website briefily and vowed to do a week-long attack on Premier Energy, an energy supplier based in Chișinău. The following month, Killnet hacked into about 80 Moldovan state computer systems for the purpose of disrupting the government’s information resources. Earlier this year, the Moldovan government was flooded by over 1,330 malicious emails with malware links as part of a phishing scam.
Hacktivist groups have made it clear that they are just as capable of achieving disruption and interference as the Kremlin’s own cyber organizations. Although hacktivists are typically irregular and asymmetric groups, they have proven persistent in their efforts. Killnet has trolled the Moldovan cyber security complex to the point that several European Union institutions have begun offering cyber training to not only the Moldovan government but also to small and medium-sized business owners in the country.
Hacktivist groups are not afraid to take aim at high targets and often do succeed, like the NATO DDoS situation proved. It can also gain them notoriety, with Killnet mentioned in a speech by Secretary General Jens Stoltenberg. This is even more concerning because analysts believe that Killnet is not professionally trained and can only sustain DDoS attacks for short periods of time.
This raises crucial questions. How can a relatively untrained group of non-state actors take down a NATO website with such ease? How is this standard acceptable in the current cyber environment? What does the success of these groups say about the potential damage that could be inflicted by properly trained hacktivists?
What is clear is that today’s state institutions around the world are still not prepared against even the rudimentary aggressor, who can easily spot and exploit vulnerabilities. The remedies for Moldova, include increased fluency in cyber policy and protections against cyberterrorism and cyberwarfare, which have shot up in demand, and are very hard to come by in country. This gap will likely be further widened by the Kremlin and hacktivist groups alike, as cyber vulnerabilities in frontier and aspiring EU states continue to be unaddressed by policymakers and multilateral institutions. Hacktivism is becoming an increasingly powerful weapon in hybrid warfare. It is important to understand the motives behind these attacks and prepare to defend against them.