Killnet Targets Healthcare Azure Resources

Russian based threat actor Killnet has been observed targeting healthcare applications hosted using the Microsoft Azure infrastructure for over three months.

Microsoft has published the details of the new campaign in an advisory published on last week. The Azure Network Security Team said it saw between 10 and 20 attacks in November 2022 and between 40 and 60 daily attacks in February 2023.

As per the statement from Microsoft, [We tracked attack statistics through the same time and observed that DDoS attacks on healthcare organizations didn’t demonstrate severely high throughput. There were several attacks hitting 5M packets per second (PPS), majority of attacks were below 2M PPS. These attacks, although not extremely high, could take down a website if not protected by a network security service]

A variety of multi-vector layer 3, layer 4 and layer 7 DDoS attacks. Microsoft said KillNet focus was on pharma and life sciences (31%), followed by hospitals (26%), healthcare insurance/health services and care (16% each). Geography-wise, most KillNet attacks came from the US, Russia, or Ukraine.

These attacks were successfully mitigated for customers enrolled in Azure DDoS Network Protection and Web Application Firewall services. But , using DDoS scripts and stressors, botnets, and spoofed attack sources, KillNet could easily disrupt websites and apps, if not adequately protected.