The rise of Pro-Russian hacker groups in recent years has become a growing concern for the security world. Among these groups, UserSec, a prominent hacking group, has recently formed an alliance with eight other Pro-Russian groups, creating a powerful coalition. Falcon Feed, a threat intelligence service provider, shared details about UserSec’s alliance in a tweet, which included images from a threat actor’s post showcasing the collaboration between these groups.
The newly formed alliance consists of TeslaBotnet, NetSide, Indian Cyber Force, Black Dragon Sec, ETUnit, Loyd Xelliship, BLOODNET, and NET-WORKER. While their exact motives remain unknown, it is believed that this collaboration aims to target NATO. The images released by UserSec offer a glimpse into the world of the threat actors, revealing their involvement in promoting Pro-Russian agendas.
Another group named NoName057(16) has been working closely with UserSec and other threat actors to further these agendas. In May 2023, UserSec declared its intention to launch a cyber campaign aimed at defacing websites belonging to NATO member nations. The group announced its official UserSec Telegram channel, indicating their plans to carry out these attacks. UserSec claims to operate independently and states that they do not receive orders from the state. They identify themselves as an entity working for the betterment of Russia and have expressed their intentions to attack Europe, the West, and all NATO countries.
The collaboration between UserSec and KillNet, another prominent Pro-Russian hacker group, highlights a growing trend of hacker groups joining forces to amplify their impact. Last month, KillNet initiated its campaign against NATO by leaking the personal information of over 4,000 individuals affiliated with the organization on a dedicated Telegram channel. The timing of the attack coincided with the NATO Secretary General’s visit to Ukraine, raising concerns about KillNet’s intentions. Following the leak, KillNet’s leader declared their transformation into a private mercenary group, offering hacking services to private organizations and state-sponsored entities.
In April, cybersecurity agencies from the Five Eyes nations issued a warning, urging critical infrastructure entities to prepare for potential attacks from groups supported by or sympathetic to the Kremlin. This advisory came amidst significant Western opposition to Russia’s invasion of Ukraine. The joint alert included specific technical information about over a dozen Russian state-sponsored hacking groups and cybercriminal organizations aligned with Russia. The Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly, emphasized the importance of organizations taking action to protect themselves during this heightened threat environment.
UserSec has actively supported KillNet’s operations and participated in a distributed denial-of-service (DDoS) campaign against the U.S. medical sector. Another group, Anonymous Sudan, has expressed support for campaigns against NATO members, and UserSec claims to have collaborated with them to assist in KillNet’s attacks.
The rise of Pro-Russian hacker groups and their collaboration with each other poses a significant threat to global cybersecurity. As these groups continue to target NATO and other entities, it is crucial for governments and organizations to enhance their cybersecurity defenses and remain vigilant against these evolving threats.