HC3 Analyst Note TLP Clear Pro-Russian Hacktivist Group Killnet Threat to HPH Sector December 22, 2022

Executive Summary

HC3 is closely tracking hacktivist groups which have previously affected a wide range of countries and industries, including the United States Healthcare and Public Health (HPH) sector. One of these hacktivist groups—dubbed ‘KillNet’—recently targeted a U.S. organization in the healthcare industry. The group is known to launch DDoS attacks primarily targeting European countries perceived to be hostile to Russia, and operates multiple public channels aimed at recruitment and garnering attention from these attacks.


KillNet is a pro-Russian hacktivist group, active since at least January 2022, and known for its DDoS campaigns against countries supporting Ukraine; especially NATO countries, since the Russia-Ukraine war broke out last year. DDoS is the primary type of cyber-attack employed by the group, which can cause thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems. While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days. Although KillNet’s ties to official Russian government organizations, such as the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR), are unconfirmed, the group should be considered a threat to government and critical infrastructure organizations, including healthcare.

View the detailed report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA


(O) +1 202 626 2272