Killnet, a pro-Russian hacktivist group, has announced its collaboration with the notorious ransomware gang ReVIL to launch an assault on the Western financial system. While the group’s threats have raised concerns, it remains unclear whether they are simply empty rhetoric or a genuine cause for alarm. Previous actions by Killnet have mainly involved mildly disruptive distributed denial of service (DDoS) attacks.
In a video posted on a Russian Telegram channel, Killnet targeted several financial systems, including the SWIFT banking system, Wise international wire transfer system, SEPA intra-Europe payments service, and central banks in Europe and the US. The group claims that the attack is motivated by the US providing weapons to aid Ukraine, stating “repel the maniacs according to the formula, no money — no weapons — no Kiev regime.”
The alleged collaboration involves two other groups: ReVIL and Anonymous Sudan. Anonymous Sudan has previously carried out DDoS attacks in retaliation for perceived anti-Islamic activities in France, Germany, the Netherlands, and Sweden. However, researchers from Trustwave have suggested that Anonymous Sudan and Killnet may be interconnected, potentially making Anonymous Sudan a masked subsidiary of Killnet.
While ReVIL, a ransomware gang, disbanded in 2022 following a Russian takedown, signs of its reappearance have surfaced recently. A Telegram channel named “REvil” was created on June 15, with a shout-out to Killnet. Nevertheless, researchers have not found substantial evidence to validate the partnership between Killnet and ReVIL.
It is possible that Killnet is fabricating the collaboration with ReVIL to lend credibility to its threats against high-profile targets. Although Killnet has previously targeted significant entities like the White House and SpaceX satellite comms in Ukraine, the impact of these attacks was limited, resulting in short service outages and disruptions to information access. Partnering with ReVIL could grant Killnet greater access to exploit vulnerabilities, infiltrate networks, and exfiltrate data.
If the collaboration with ReVIL is not genuine, the threatened attacks are unlikely to cause extensive or prolonged disruptions to Western banking infrastructure. Instead, the publicity surrounding the alleged financial catastrophe could serve as a means to harass Western governments and financial institutions. Alternatively, it could be another attempt by Killnet to gain attention and notoriety.
In conclusion, while the claims made by Killnet regarding its collaboration with ReVIL and Anonymous Sudan raise concerns, the legitimacy of these partnerships remains unverified. The intended attacks on the Western financial system may or may not materialize, and their impact, if they occur, is likely to be limited. As the situation unfolds, Western governments and financial institutions should remain vigilant but not be unduly alarmed.