Monday 6th February 2023

Cyber Threat Intelligence Weekly Update: 6th February 2023

Pro-Russian hacktivists target global healthcare entities with DDoS

This week we reported that the pro-Russian hacktivist group Killnet launched a series of Distributed Denial of Service (DDoS) attacks against healthcare entities around the world.

Killmilk, the founder of Killnet, posted earlier in January 2023 that the group planned to target entities in Portugal, Spain, Germany, Poland, Finland, Norway, the Netherlands, the UK, and the US in retaliation for their “support of the Nazis in Ukraine.” Killnet also announced the attacks on its Telegram channel with a list of targets consisting of websites from fourteen hospitals across the US, many of which were subsequently disrupted.

Other reports confirmed that the group was also able to successfully compromise the websites of the University of Michigan Hospital, Stanford Health Care Center, and University Medical Center Groningen in the Netherlands. Killnet was joined in this campaign by another pro-Russian group known as Phoenix, which claims to have impacted two other hospitals' websites as part of the same campaign. This most recent wave of attacks was launched in opposition to President Biden's recent decision to send tanks to Ukraine and comes a week after 14 Russian civilians were killed in a hospital by US-supplied missiles. These deaths, therefore, likely informed the decision to focus mainly on healthcare entities within the US, as retaliatory attacks by Russian hacktivist groups have become increasingly common since the onset of the war.

 

Security Update: QNAP Systems has warned customers to install new firmware updates that fix a critical security vulnerability, CVE-2022-27596, which allows remote adversaries to inject malicious code on network-attached storage devices.

Nation-State: Latvia's Ministry of Defence has confirmed they were targeted by what appears to be a phishing campaign by the Russian state-sponsored espionage group Gamaredon.
A new intelligence-gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leverages known security flaws in unpatched Zimbra devices to compromise victim systems.

Hacktivism: The pro-Turkish hacktivist group Türk Hack Team has targeted a range of Swedish and Danish entities with DDoS and alleged hack-and-leak operations, in response to Quran burnings by an extreme far-right politician.

PoS Malware: Three new Prilex Point-of-Sale malware variants have been discovered that are capable of blocking contactless transactions on infected devices and stealing financial data.

 
