A published list of proxy IPs used by Killnet and other network spamming gangs to target unsuspecting users makes it possible to prevent the attack to some degree.
Killnet is a hacker group that has openly supported the Russian invasion of Ukraine. Although many other groups are siding with Russia in the ongoing conflict, Killnet is definitely one of the most prominent ones.
The U.S. government has warned about an expected increase in Killnet’s network flooding attacks using DDoS bots against health clinics and hospitals. The warning comes after Killnet claimed responsibility for attacks against fourteen US hospitals’ websites, forcing them to go offline in late January of 2023.
The impacted facilities include the University of Michigan Hospitals and Health Centers, Stanford Hospital, Duke University, and Cedars-Sinai. Other targets of Killnet’s DDoS attacks include the FBI (allegedly), the European Parliament, businesses in the United Kingdom, Lockheed Martin (allegedly), the Lithuanian government, and more.
SecurityScorecard’s threat researchers have created and released online a list of proxy IPs used by Killnet and other network spamming gangs to target unsuspecting users. It is now possible to prevent the attack to some degree.
The Killnet blocklist is available on GitHub and has around 17,746 IP addresses listed. According to the threat analysis firm SecurityScorecard, companies can improve their security measures against DDoS bots through this list.
“To help organizations better protect themselves, SecurityScorecard has published a list of proxy IPs to help block the Killnet DDoS bot,” the company stated in its blog post.
The open proxy IP blocklist covering the hacker group currently contains tens of thousands of proxy IP addresses that Russian hacktivists use in their network traffic flooding attacks. According to the FBI, the group’s DDoS attacks are actually publicity gimmicks that have gained limited success.
The group mainly relies on Telegram for its operations, and its Telegram channel has over 92,000 followers. Though their DDoS attacks usually don’t cause significant damage, they may disrupt services for hours or knock websites offline. This could affect healthcare organizations and their millions of patients, since bots can flood network traffic, preventing doctors and patients from sending or receiving health-related information online.
Moreover, patients may not be able to schedule appointments. You can check the full blocklist of proxy IPs here.
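One way to put such a blocklist to work is to check web server logs for clients that appear on it before pushing the entries to a firewall or WAF. The sketch below is an added example, not code from SecurityScorecard or this article; it assumes one entry per line (a bare IP, a CIDR range, or `ip:port`) and access-log lines whose first field is the client IP. All addresses are constructed samples from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample blocklist (documentation-range addresses, not real entries).
SAMPLE_BLOCKLIST = """\
# one entry per line (assumed format)
203.0.113.7
198.51.100.0/28
192.0.2.44:8080
not-an-ip
"""

# Constructed access-log lines; the client IP is assumed to be the first field.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [01/Feb/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.200 - - [01/Feb/2023:10:00:02 +0000] "GET /login HTTP/1.1" 200 734
203.0.113.7 - - [01/Feb/2023:10:00:02 +0000] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [01/Feb/2023:10:00:03 +0000] "GET / HTTP/1.1" 200 512
"""

def load_blocklist(text):
    """Return (set of single addresses, list of networks); skip junk lines."""
    hosts, nets = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry.count(":") == 1:  # IPv4 ip:port entry: drop the port
            entry = entry.split(":", 1)[0]
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # blank, comment-only or malformed entry
        if net.num_addresses == 1:
            hosts.add(net.network_address)
        else:
            nets.append(net)
    return hosts, nets

def blocklisted_clients(log_text, hosts, nets):
    """Count requests per client IP that appears on the blocklist."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            ip = ipaddress.ip_address(line.split(" ", 1)[0])
        except ValueError:
            continue  # blank line or unparsable client field
        if ip in hosts or any(ip in n for n in nets):
            hits[str(ip)] += 1
    return hits
```

Behind a reverse proxy or CDN the first log field is the proxy's address, so the real client IP has to be taken from the forwarded-for field the front end records instead.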