U.S. websites under cyberattack as Russian-speaking hackers take aim

Russian-speaking hackers took aim at U.S. state government websites this week, some of which suffered outages that persisted into Thursday.

Killnet, a hacking collective, published U.S. state government websites as targets in Russian messages on the tech platform Telegram alongside an image of fire erupting behind the Statue of Liberty accompanied by the captions “USA Offline” and “F*ck NATO.”

The group crashed the Colorado government’s website home page on Wednesday and it was still down Thursday.

The Colorado Governor’s Office of Information Technology said a cyberattack from an “anonymous suspected foreign actor” took the Colorado.gov homepage offline and the office pointed to reports that multiple other states experienced similar problems.

“Currently, there is no estimated timeline for bringing the Colorado.gov homepage back online,” the office said in a statement on its website. “While the homepage is down, online access has not been compromised and services remain available.”

The office said a temporary webpage was accessible to direct Coloradans to common online services.

Killnet hackers focused on the main websites of 15 state governments this week, according to research from the cybersecurity firm Check Point, which is headquartered in the U.S. and Israel.

Among the states hackers identified on Telegram were Alabama, Alaska, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Indiana, Kansas, Kentucky, and Mississippi.  

Many cybersecurity professionals cautioned against assessing that the hackers were sophisticated cyberattackers with the support of a government rather than a loose collective of pro-Russian vandals and hooligans.

Emsisoft threat analyst Brett Callow said the Killnet hackers did not likely represent an overly serious problem but revealed the potential for low-skill attackers to disrupt government systems. He noted the hackers looked to be accomplishing the outages with distributed denial of service attacks, which typically overwhelm an internet target with a flood of traffic. 

“What Killnet is doing seems to amount to nothing more than nuisance-level DDoS attacks,” Mr. Callow said in an email. “The group is [a] pro-Russia collective which, as far as I’m aware, has no connection to the Russian government.”

John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant, similarly identified the attackers as seeking to overwhelm the states with DDoS attacks.

“Important not to overestimate this threat, but also a great reminder that federalism increases our attack surface,” Mr. Hultquist said on Twitter.

The timing of the Russian speakers’ hacking campaign before the November election has also caused consternation. The Kentucky Board of Elections website appeared temporarily offline on Wednesday, according to CNN, but the hackers did not list the board’s website as a target and it remains unclear what caused that outage.

The Biden administration has recently sought to quell concerns that cyberattackers aiming at election infrastructure are capable of succeeding.

The FBI and Cybersecurity and Infrastructure Security Agency published an assessment Tuesday saying cyberattacks are “unlikely to disrupt or prevent voting.”

“As of the date of this report, the FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information,” the agencies said. “Any attempts tracked by FBI and CISA have remained localized and were blocked or successfully mitigated with minimal or no disruption to election processes.”

The FBI and CISA’s bulletin said election officials use a variety of technological, physical, and procedural tools to prevent malicious cyber activity including denial of service attacks from affecting the integrity, confidentiality, and availability of election infrastructure systems and data.