Hacking gangs Killnet, Anonymous Sudan and REvil are threatening to launch a “destructive” attack against the whole of the European financial system, starting with the SWIFT international communications system, at some point in the next 48 hours. In a video released yesterday, the trio say they are hitting back at Europe for its role in helping Ukraine in the war with Russia. Security researchers have told Tech Monitor that while this prospect may appear far-fetched, financial institutions should be on “high alert” for some kind of an attack, as KillNet is known for its powerful distributed denial of service (DDoS) attacks.
The attacks may very well be sanctioned by the Russian government, as all three gangs have been linked to security service the GRU in the past.
Killnet, REvil and Anonymous threaten SWIFT with destructive attack in 48 hours
Killnet and Anonymous Sudan, a faction of the wider Anonymous hacktivist movement, yesterday released a video and several posts on Telegram warning that a “destructive attack” on the European banking system will commence in 48 hours. The US Federal Reserve could also be targeted, according to the post.
REvil is mentioned in the videos, but does not appear to be heavily involved. The individual in the video appears in typical Anonymous style, with the requisite Guy Fawkes mask and cloaked voice. “If God rules Russia then who rules Europe?” he asks. “That’s right! The banking system. No money, no weapons, no Kyiv regime,” implying a politically motivated attack targeting Europe for its involvement in the Ukraine war.
This type of political posturing is typical of Russia-based Killnet, which has threatened Nato and its allies in the past over their anti-Russia stance.
The video outlines an imminent attack, citing REvil’s expertise in the European banking structure, as well as presenting a call to arms for “all active groups”, to “engage in destructive activities” against the European financial sector, specifically SWIFT, which is used to facilitate communication between international banks. Russian banks were banned from SWIFT after the conflict in Ukraine began last year.
Tech Monitor has contacted SWIFT for comment but has not yet heard back at the time of writing.
While the claims may appear far-fetched, they must be taken seriously as a precaution, says Allan Liska, head of the cybersecurity response team at security company Recorded Future. KillNet and Anonymous Sudan are considered to be fronts for Russia’s government, Liska says. “At the very least, they are getting support from the GRU,” he explains.
Killnet specialises in DDoS attacks, and in November launched a strike against the European Parliament, shutting its website down for several hours. It has also hit other allies of Ukraine during the war, including Lithuania and Japan. DDoS attacks are relatively simple to launch, but are far less damaging than other types of cyberattack.
“So far, all we have seen out of these groups are DDoS attacks, but they’ve been really good at it,” Liska says. “I would be on high alert if I were managing the SWIFT network, whether they have just figured out a way to DDoS it, or they’re going to get inside and take the whole thing down, which is less likely.”
Is the threat the attack?
This threat to the financial system could turn out to be the sum of the attack, one that aims to manipulate public discourse, says Charles van der Walt, head of security research at Orange Cyberdefense. “Attacks of this nature are designed to create fear, uncertainty and doubt,” he says. “The language used is often propaganda-based to claim they are bringing down systems ‘for the people’, or that their goal is to change things for the better or to fight a certain ideology.”
The important thing to note, Van der Walt says, is that we are seeing a continuous evolution towards “cognitive attacks”, which seek to use hacking activity to shape public opinion, rather than acquire data or money.
“In today’s already unstable geopolitical situation, it can create the perception of being under more attacks, which serves to destabilise or amplify an already sensitive climate that exists,” Van der Walt said.