The cyber attack rendered some Kentucky and Mississippi state webpages temporarily unavailable, and Colorado’s state web portal remains offline. Hacking group Killnet claimed credit for the disruptions and posted a list of targets on Telegram that included the sites, according to CNN.
Killnet’s attacks are known to be politically motivated, in favor of the Russian government. The group first emerged in January 2022 as a “cybercriminal hack-for-hire vendor,” then shifted attention in February to target entities in countries opposing Russia’s invasion of Ukraine, per Politico. Killnet is known for defacing victims’ websites with pro-Russia posts and using distributed denial of service (DDoS) attacks.
Amsterdam-based threat intelligence technology and services provider EclecticIQ’s Threat Research team said in a blog post today that Killnet appears to only have the capacity to launch DDoS attacks with short-term impact, and falls short of dealing lasting damage to victims’ network infrastructure.
“Analysts believe that Killnet supporters are novice users with zero or limited experience with DDoS attacks, based on an analysis of Telegram messaging data and open-source reporting,” EclecticIQ wrote.
Despite the hacking group’s political agenda, any direct ties between it and the Russian government currently are unknown, CNN reports.
In Colorado, the state created a temporary replacement webpage at the same URL to serve residents in the meantime, the Office of Information Technology reported in a press release. That temporary colorado.gov site directs residents to frequently used online services, including other state websites, which were not affected.
Ms.gov was also down for a period of time yesterday, although Mississippi has not yet responded to a GovTech question about the source of the disruption.
CNN found that Kentucky’s Board of Elections website was also down for part of the day Wednesday, though it is unclear if it was targeted in the attack campaign. Killnet did not specifically mention the website in its list of targets. The disruption of this website would have prevented would-be site visitors from viewing information about voting, but would not affect the processes of voting or vote tallying.
The Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) said in an email to election officials that any cyber disruptions to election sites appeared incidental rather than deliberately targeted.
