Pierluigi Paganini February 09, 2023

SecurityScorecard’s researchers released a list of proxy IPs used by the pro-Russia group Killnet to neutralize its attacks.

SecurityScorecard’s researchers published a list of proxy IPs used by the pro-Russia group Killnet with the intent to interfere with its operation and block its attacks.

“To help organizations better protect themselves, SecurityScorecard has published a list of proxy IPs to help block the Killnet DDoS bot.” reads the post published by the security firm SecurityScorecard.

The Killnet group has been active since March 2022, it launched DDoS attacks against governments and critical infrastructure of countries that expressed support to Ukraine, including Italy, Romania, Moldova, the Czech Republic, Lithuania, Norway, and Latvia.

Early this month, the Dutch National Cyber Security Centre (NCSC) reported that the websites of several hospitals in the Netherlands and Europe were hit by DDoS attacks carried out by the group Killnet.

The group of hackers launched the offensive against the hospitals in the European countries due to their support for Ukraine.

“Hospitals in Europe, including in the Netherlands, have in all likelihood been targeted by the pro-Russian hacker group Killnet,” the NCSC said.

Early this week, experts from Z-CERT, the computer emergency response team for the Dutch healthcare sector blamed the Killnet group for the cyber attacks that hit the University Medical Center Groningen (UMCG) on Saturday. The Pro-Russia group of hackers targeted 31 Dutch hospitals.

The hackers also targeted hospitals in the UK, Germany, Poland, Scandinavia and the United States. Last week, the group announced the attacks on its Telegram channel, calling for action against the US government healthcare.

Last week the pro-Russia group intensified its activity. The group launched a series of DDoS attacks against the websites of German airports, administration bodies, and banks. The attacks are the hacktivists’ response to the German government’s decision to send Leopard 2 tanks to Ukraine.

In November, Killnet claimed responsibility for the DDoS attack that today took down the website of the European Parliament website.

The attack was launched immediately after lawmakers approved a resolution calling Moscow a “state sponsor of terrorism“.

The list of proxy IPs shared by the experts also includes addresses used by other gangs.

The list was published on GitHub and contains around 17,746 IP addresses. The knowledge of these IP addresses can allow organizations to blacklist them and prevent DDoS attacks originating from them.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, hacktivism)