March 6, 2023

The Killnet Botnet: A Threat to Healthcare and Banking Sectors

In recent months, the Killnet Botnet has been making headlines for its malicious activities targeting the healthcare and banking sectors. The botnet is a network of infected computers used to carry out coordinated attacks, and is known for sophisticated techniques that make it difficult to detect and stop. As a result, these sectors are becoming increasingly vulnerable to cyber attacks, putting sensitive information at risk.

Statistics show that the healthcare sector is one of the top targets for threat actors. Cyber attacks brought down the websites of 14 U.S. hospitals on 30 January 2023, including Duke University, Stanford Healthcare, and Cedars-Sinai, exposing the personal information of millions of patients. This highlights the need for the healthcare sector to increase its focus on cybersecurity.

Similarly, the banking sector is also at risk of cyber attacks. The financial sector is a prime target for hackers, who can use the sensitive financial information they obtain to carry out financial fraud. On 31 January 2023, Denmark announced that it was raising its cyber risk alert level after weeks of cyber attacks disrupted access to the websites of Denmark's central bank and seven private banks in the country.

On 5 October 2022, Killnet also claimed responsibility for a cyber incident that disrupted the availability of three US state government websites. 

The damage caused by the Killnet Botnet can be severe. In addition to the loss of sensitive information, businesses and organizations can also experience financial losses, damage to their reputation, and disruptions to their operations. Moreover, individuals who have their personal information exposed may become victims of identity theft or financial fraud.


Modus Operandi of Killnet Attacks 


Let’s examine the attack vectors and techniques employed by Killnet.


Attack Vectors

1. Phishing Scams: Killnet uses phishing scams to trick individuals into revealing sensitive information, such as login credentials and financial information. The group sends emails that appear to be from legitimate sources, such as banks or healthcare organizations, and contain a link or attachment that, when clicked, downloads malware onto the victim's computer.

2. Malware: Killnet uses malware to gain access to a victim's computer and steal sensitive information. The group often uses malware such as Trojans, rootkits, and ransomware to carry out its attacks.

3. Social Engineering: Killnet uses social engineering tactics to manipulate individuals into revealing sensitive information. This can include pretexting, baiting, and tailgating.

Techniques

1. Advanced Persistent Threats (APTs): Killnet uses APTs to maintain a persistent presence on a victim's network, allowing the group to steal sensitive information over an extended period of time.

2. Command and Control (C2) Infrastructure: Killnet uses a sophisticated C2 infrastructure to control its network of infected computers, which it uses to carry out coordinated attacks.

3. Encryption: Killnet uses encryption to conceal its activities and evade detection. The group uses encrypted communications to communicate with its C2 infrastructure and encrypts stolen data to make it more difficult for security teams to detect and recover.


While Killnet is gaining recognition for a spate of high-profile DDoS attacks using a variety of attack vectors and techniques to target the healthcare and banking sectors, they are not the only hacktivist group exploiting organizational vulnerabilities. An increasing number of recent cyber attacks on critical infrastructure originate from nation-states and their proxies. And with the Russia-Ukraine conflict locked in a stalemate, these incidents show no sign of abating. It is therefore crucial for organizations and individuals to understand these tactics in order to better protect themselves from these types of attacks.


Building Cyber Resilience in Critical Infrastructure


While DDoS attacks typically do not cause major or lasting damage, they can cause service outages that span several hours, days or even weeks, seriously affecting hospitals and preventing patients from receiving the care they require. And for most organizations, a cyber attack is not a matter of if, but when. An institution's level of cyber resilience can preserve its trust with clients and the public at large, and therefore having a system in place to respond to incidents is paramount.

By implementing an advanced WAF and comprehensive cloud/hybrid DDoS mitigation solutions via a service like Nexusguard, while being cautious when opening emails or attachments from unknown or suspicious sources, organizations and individuals can greatly reduce their risk of falling victim to the Killnet Botnet.

During a cyber attack, Nexusguard's team of experts helps triage the situation, limit further damage, offer communication guidance, investigate the source, and provide actionable post-incident reporting. Nexusguard also maintains blocklists that can help defend against Killnet and similar hacktivist groups by identifying IP addresses involved in their previous cyber attacks.
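As an added illustration of the blocklist-and-rate-based defence described above (example code written for this article, not Nexusguard's own tooling), the script below screens constructed web-server access-log lines against a constructed IP blocklist and flags any source whose request count spikes within a sliding time window. The blocklist ranges, log lines and thresholds are all placeholders chosen for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed blocklist: documentation ranges standing in for a real indicator feed.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.7/32")]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')

# Constructed Common Log Format lines: two ordinary clients, one blocklisted
# client, and a 30-request burst from a single non-listed address.
SAMPLE_LOG = "\n".join(
    ['192.0.2.10 - - [06/Mar/2023:10:00:00 +0000] "GET /login HTTP/1.1" 200 512',
     '198.51.100.23 - - [06/Mar/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 1024',
     '192.0.2.10 - - [06/Mar/2023:10:00:05 +0000] "GET /appointments HTTP/1.1" 200 2048']
    + [f'203.0.113.50 - - [06/Mar/2023:10:00:{i // 5:02d} +0000] "GET / HTTP/1.1" 503 0'
       for i in range(30)]
)

def parse_line(line):
    """Return (ip, timestamp, request, status) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), request, int(status)

def is_blocklisted(ip):
    """True when ip falls inside any blocklist network; unparsable addresses never match."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in BLOCKLIST)

def analyze(log_text, window=timedelta(seconds=10), threshold=20):
    """Flag blocklisted sources and sources exceeding `threshold` requests in any `window`."""
    events = sorted(filter(None, map(parse_line, log_text.splitlines())), key=lambda e: e[1])
    recent = defaultdict(deque)   # ip -> timestamps still inside the sliding window
    peak = defaultdict(int)       # ip -> highest request count observed in one window
    listed = set()
    for ip, ts, _request, _status in events:
        if is_blocklisted(ip):
            listed.add(ip)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that have aged out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    high_rate = {ip: n for ip, n in peak.items() if n > threshold}
    return {"blocklisted": listed, "high_rate": high_rate}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Sources reported under "high_rate" are candidates for rate limiting or upstream scrubbing; the window and threshold should be tuned to each service's normal traffic profile.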

As a global leader in cybersecurity, Nexusguard helps organizations of all sizes, across industries, gain comprehensive visibility into the effectiveness of their cybersecurity efforts, detect and mitigate security risks and threats, and more. Gain continuous visibility into your cyber risk and deploy robust, fast and scalable solutions with Nexusguard. Visit Nexusguard for more information.

