The same Russian threat actors who this week targeted Italian parliamentary and military websites and threatened to disrupt the services of Britain’s National Health Service (NHS) may now be targeting the 2022 Eurovision Song Contest final.
The Killnet threat group has threatened to send “10 billion requests” to the Eurovision online voting system and “add votes to another country”.
What is Killnet?
The pro-Kremlin cybercriminal group Killnet boasts of conducting “military cyber drills” to hone the skills of its members and appears to be primarily involved in relatively straightforward, if disruptive, distributed denial-of-service (DDoS) attacks.
According to threat intelligence experts at Cyjax, Killnet first appeared in March after the Russian invasion of Ukraine. Using the newly launched Killnet Botnet DDoS resource, its first target was the hacktivist collective Anonymous. This included the disruption of the “Anonymous website”. Or at least there would have been if there had been such a thing.
As Cyjax explains, there is no central Anonymous website. “It’s more likely that an independent, generic anonymous website was aimed at boosting the morale of the Russian side,” says Cyjax.
Killnet threatens to disrupt Eurovision 2022 final voting
In an apparent attempt to prevent or disrupt online voting for current Eurovision favorites from Ukraine, the Kalush Orchestra, Killnet has hinted that it may be attacking Eurovision servers. In a Telegram message, the group claimed to have already disrupted the voting system. Or rather, that the DDoS botnet could be behind previous voting difficulties.
Russia was banned from participating in Eurovision 2022 after invading Ukraine, and the Kalush Orchestra has said that a win would boost the morale of the people of Ukraine.
A Eurovision spokesman said the voting system had “a wide range of security measures to protect viewer participation” and this year will be no different in that regard.
Killnet also appears to be withdrawing the threat to the Eurovision 2022 final vote
As with so many of these types of groups, it can be difficult to separate responsibility for service disruptions from opportunism when sites are experiencing unrelated technical difficulties. Curiously, the Killnet group seems to be distancing themselves from these Eurovision finale threats in the same message they are making.
Posting on Telegram, the group claimed that Eurovision’s online voting servers were unprotected and threatened to “send 10 billion requests and add votes to another country”. However, it also said there that “it makes no sense to influence the voting online” and that further attacks were “not worth the time”. The messaging is quite mixed, to say the least. The threat is certainly there, although, frankly, it’s unlikely it’ll lead to anything.
The organizers of Eurovision 2022 should take special cyber security precautions this year
Jake Moore, former Head of Digital Forensics at Dorset Police in the UK and now Global Cybersecurity Advisor at cybersecurity firm ESET, says: “It’s not surprising that it has also become a target for a cyberattack, especially when the win is so closely related to national pride. Of course, Eurovision organizers should take extra cybersecurity precautions this year if they want to ensure the voting system remains as robust as possible.” Moore went on to say that malicious actors are out to disrupt the final in any way they can, but that “DDoS protection is an easy win, provided organizers don’t underestimate the power of a denial of service attack.”