These Russian threat actors, who this week attacked the Italian Parliament and Military websites and threatened to disrupt U.K. National Health Service services, may now be targeting the Eurovision Song Contest 2022 final.
Killnet has threatened to send 10 billion requests to the Eurovision online voting system, and to “add votes to any other country.”
What is Killnet?
Pro-Kremlin Killnet cybercriminal organization boasts of conducting “military Cyber Exercises” to improve members skills. However, it appears that most of its members are involved in fairly straightforward, but disruptive, Distributed Denial of Service (DDoS), attacks.
According to threat intelligence specialists at Cyjax Killnet was first discovered in March after the Russian invasion Ukraine. It first targeted the Anonymous hacktivist group using the newly launched “Killnet Botnet DDoS” resource. This meant that “the Anonymous website” was disrupted. It would have been, if there was such a thing.
Cyjax clarifies that there is no anonymous central website. Cyjax explains that it is more likely that an anonymous generic website was created to boost morale of the Russian side.
Killnet threatens Eurovision 2022 final vote disruption
The Kalush Orchestra has suggested that Killnet could target Eurovision servers in an apparent attempt to disrupt or prevent the online voting for Eurovision favorites from Ukraine. The group claimed that they had already disrupted the voting process in a Telegram message. Or, perhaps, the DDoS Botnet could be responsible for earlier voting difficulties.
Russia was barred from participating in Eurovision 2022 after the invasion of Ukraine. The Kalush Orchestra stated that a win would boost the morale of the Ukrainian people.
A spokesperson for Eurovision stated that the voting system uses “a wide variety of security measures to protect audience participation”, and that this year’s will not be any different.
Killnet appears to have also pulled the threat of Eurovision 2022 final vote voting
It can be difficult to distinguish between claims of responsibility for service interruptions and opportunism, as it is with many of these groups. Bizarrly, Killnet seems to be ignoring those Eurovision final threats in the same way that it sends them.
Telegram group claimed that Eurovision’s online voting servers were not protected and threatened to send “10 Billion requests” and add votes to another country. It also said that it was not logical to influence the online vote and that further attacks were “not worth the effort.” It is mixed messaging to say the least. Although the threat is there, it is not clear if it will be of any real consequence.
Organisers of Eurovision 2022 should take extra cybersecurity precautions in this year’s edition
Jake Moore, former head of digital forensics at Dorset Police, U.K., and now global cybersecurity advisor at cybersecurity outfit ESET says that it is not surprising that the contest has been a target of a cyberattack. This is especially because winning is so closely tied to national pride. If they want to keep the voting system as secure as possible, Eurovision organizers need to take extra cybersecurity precautions. Moore stated that although malicious actors may try to disrupt the final, “DDoS protection can be a win provided organizers don’t underestimate the power and impact of a denial–of-service attack.”