The pro-Russian hacktivist Killnet claims to be working in concert with a resurgent form of the notorious ReVIL ransomware gang.
The group is warning that attacks are imminent, but it’s unclear whether the threats amount to anything more than bluster and saber-rattling, particularly given Killnet’s past track record of, at most, carrying out mildly DDoS attacks.
A video posted on a Russian Telegram channel on June 16, Killnet made ominous threats against the SWIFT banking system, the Wise international wire transfer system; the SEPA intra-Europe payments service; central banks in Europe and the US; and other institutions.
Anonymous Sudan is an emergent DDoS player that targeted entities in France, Germany, the Netherlands, and Sweden earlier this year, ostensibly in retaliation for perceived anti-Islamic activity in each of these countries. Rrsearchers in the past have tied Anonymous Sudan to Killnet, noting it could simply be a masked subsidiary.
ReVIL, which imploded in 2022 after a Russian takedown, evidence of a re-emergence is one day old: On June 15, a Telegram channel called, fittingly, “REvil,” was created. It was used to circulate a shout-out (“Hello Killnet”) that went on to be heavily re-posted in a Killnet-affiliated Telegram channel.
Killnet could be fabricating the ReVIL partnership to lend some heft and gravitas to its threats against some tough targets. A ReVIL partnership that’s more than a flight of fancy “would allow them greater access to vulnerability exploitation, network intrusion, and data exfiltration.”
Even so, the publicity push around a supposedly imminent financial catastrophe could be simply an effort to harry Western governments and financial institutions. It’s a notorious action to gain attention
This was documented by researchers from Trustwave.