Hackers Exploit ChatGPT Tool To Write Malicious Codes

Russian hacker group Kill Net, an APT, uses a variety of attack methods, including DDoS attacks, to target military organisations and government institutions.

A warning about Russian hackers has been released by the federal government. A Russian hacker group is allegedly targeting Pakistan’s military and government systems, according to the Cabinet Division’s advisory.

The advisory claims that the pro-Russian APT group has been operating out of the Kremlin, Russia, since January 2022. In the midst of the conflict between Russia and Ukraine, Kill Net is known for launching DDoS attacks against the US, other NATO nations, and allies of Ukraine. Pakistan’s military and civil structures have frequently been the target of Kill Net.

The advisory claims that Kill Net primarily employs DDoS and brute-force dictionary attacks to severely disrupt the services of vulnerable critical information infrastructure (CII) with a public-facing audience. Kill Net DDoS attacks have typically caused victims only a brief period of downtime. However, the attacks make nations around the world look bad.

Governmental organisations have been urged by the cabinet division to take proactive preventive measures against DDoS and other cyberattacks. It has advised the institutions to use reputable firewalls, IPS/IDS, and SIEM solutions, as well as to monitor networks at the administrative level, including file hashes, file locations, logins, and unsuccessful login attempts.
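One way to act on the recommendation to monitor unsuccessful login attempts, shown as an added example that is not part of the advisory or the original article: a sliding-window check over SSH authentication logs that flags sources making many failed logins in a short period. It assumes OpenSSH-style syslog lines; the hostname, IP addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failure line, e.g.
# "Mar  3 10:00:00 gw sshd[900]: Failed password for invalid user admin from 203.0.113.7 port 40000 ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(lines, window=timedelta(seconds=60), threshold=5, year=2023):
    """Return {ip: {"peak": n, "users": set}} for every source with at least
    `threshold` failed logins inside any sliding window. Syslog lines carry
    no year, so the caller supplies one (assumed value by default)."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> every username it tried
    peak = defaultdict(int)       # ip -> largest in-window failure count seen
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # expire failures older than the window
            q.popleft()
        users[m["ip"]].add(m["user"])
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: {"peak": n, "users": users[ip]}
            for ip, n in peak.items() if n >= threshold}

# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE = (
    # Fast dictionary-style run: six failures in ten seconds, five usernames.
    [f"Mar  3 10:00:{2 * i:02d} gw sshd[900]: Failed password for invalid user {u} "
     f"from 203.0.113.7 port 40000 ssh2"
     for i, u in enumerate(["root", "admin", "test", "oracle", "admin", "postgres"])]
    # Ordinary user who mistypes once and then logs in.
    + ["Mar  3 10:01:00 gw sshd[901]: Failed password for alice from 198.51.100.23 port 5022 ssh2",
       "Mar  3 10:01:09 gw sshd[901]: Accepted password for alice from 198.51.100.23 port 5022 ssh2"]
    # Slow run: five failures, one every two minutes, missed by a 60 s window.
    + [f"Mar  3 10:{10 + 2 * i:02d}:00 gw sshd[902]: Failed password for root "
       f"from 192.0.2.50 port 6000 ssh2" for i in range(5)]
)

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE).items():
        print(ip, info["peak"], sorted(info["users"]))
```

The slow source in the sample is caught only when the window is widened, which is why a SIEM rule of this kind is usually run at more than one time scale.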

The cabinet division has recommended limiting user permissions, incoming traffic, and internet access to only those users who actually need it, as well as limiting data usage rights. It has requested that government agencies and representatives use digital code-signing to validate software and documents before downloading.

The cabinet division has requested that MFA be implemented in critical systems such as mailing system administrator controls. Additionally, crucial data should always be periodically backed up.

It has been suggested to regularly update all operating systems, software, and other technical equipment as well as to change administrator passwords on a regular basis.

The cabinet division has requested that firewalls such as Next-Gen Firewall (NGF), Web Application Firewall (WAF), and Network-Based Firewall be enabled and that an anti-DDoS service be provided with website domain hosting from the ISP.

It has been advised to enable SIEM and event logging 24/7 in order to detect internet usage anomalies and traffic spikes, to ensure fragmentation and multi-content delivery networks, to filter incoming traffic, and to block suspicious traffic after deep packet inspection.

In addition to updating applications, hardening IT hardware, using strong passwords, and ensuring data backups, the cabinet division has advised the government institutions to take additional preventive measures. Network administrators are required to block every malicious domain, URL, and document hash at the firewall and network level, including those associated with APT Kill Net.