The hackers have revealed their intentions in a video. Should institutions have concerns?
Killnet, Anonymous Sudan, and REvil are threatening to launch a “destructive” attack against the entire European financial system within the next 48 hours, beginning with the SWIFT international communications system. Yesterday, the triumvirate published a video in which they retaliated against Europe for its role in aiding Ukraine in its conflict with Russia. KillNet is notorious for its potent distributed denial-of-service (DDoS) attacks, according to security researchers who told Tech Monitor that financial institutions should be on “high alert” for an attack, even if it seems unlikely.
The attacks may have been authorised by the Russian government, as all three groups have a history of ties to the security service GRU.
Killnet REvil and Anonymous menace SWIFT in 48 hours with a destructive attack.
Yesterday, Killnet and Anonymous Sudan, a faction of the Anonymous hacktivist movement, published a video and multiple Telegram messages announcing that a “destructive attack” on the European banking system will begin in 48 hours. The Federal Reserve of the United States could also be targeted, according to the post.
REvil is mentioned in the videos, but its involvement appears to be minimal. The individual in the video appears in anonymous fashion, complete with Guy Fawkes mask and masked voice. He questions, “If God rules Russia, then who rules Europe?” “That’s correct!” The monetary system. No money, no weapons, no Kiev regime,” insinuating a politically motivated attack against Europe for its participation in the Ukraine conflict.
Here is footage released by “REvil” and Killnet about taking down the European banking system.
Since when did REvil ransomware group go on camera and publicly disclose their plans prior to attack? And why is “REvil” wearing a Slipknot mask? pic.twitter.com/2LaQLHQZKe
— vx-underground (@vxunderground) June 14, 2023
This form of political posturing is typical of Killnet, which has previously threatened NATO and its allies for their anti-Russian posture.
The video describes an imminent attack, citing REvil’s expertise in the European banking structure, and issues a call to arms for “all active groups” to “engage in destructive activities” against the European financial sector, specifically SWIFT, which is used by international banks to facilitate communication. After the conflict in Ukraine began in 2014, Russian institutions were barred from using SWIFT.
Tech Monitor has reached out to SWIFT for comment but has not yet received a response as of the time of publication.
This was just posted @UK_Daniel_Card 😲 pic.twitter.com/bResVcC8GY
— Dodge This Security (@shotgunner101) June 14, 2023
As a precaution, the claims must be taken seriously, according to Allan Liska, chief of the cybersecurity response team at the security firm Recorded Future. Liska asserts that KillNet and Anonymous Sudan are believed to be fronts for the Russian government. “They are receiving support from the GRU at the very least,” he explains.
Killnet, an organisation that specialises in DDoS attacks, took down the website of the European Parliament for several hours in November. During the conflict, it has also struck Ukraine’s allies Lithuania and Japan. DDoS attacks are comparatively simple to execute, but significantly less damaging than other cyberattack varieties.
“All we’ve seen so far from these groups are DDoS attacks, but they’re really good at it,” says Liska. “I would be on high alert if I were managing the SWIFT network, regardless of whether they have figured out a way to DDoS it or, which is less likely, gain access and bring the entire system down.”
Is the attack the threat?
According to Charles van der Walt, head of security research at Orange Cyberdefense, this threat to the financial system might be the culmination of an effort aimed at manipulating public opinion. “These attacks are designed to instill fear, uncertainty, and doubt,” he argues. The terminology employed is frequently propaganda-based, with claims that they are taking down systems “for the people,” or that their purpose is to alter things for the better or to combat a specific ideology.”
Van der Walt emphasises that we are witnessing a continual movement towards “cognitive attacks,” which attempt to use cyber activities to change public opinion rather than collect data or money.
“In today’s already volatile geopolitical environment, it can create the perception of more attacks, which serves to destabilise or amplify an already sensitive climate,” Van der Walt added.