Geopolitics

Pro-Russian cybercriminals briefly DDoS Congress.gov

KillNet, the group that claimed responsibility, has launched a series of attacks around the world on perceived enemies of Russia.

By AJ Vicens

July 8, 2022

The US Capitol in Washington, DC, on June 29, 2022. (Photo by MANDEL NGAN/AFP via Getty Images)

A pro-Russian cybercrime group attacked the Congress.gov web domain Thursday, resulting in temporary down time that “briefly affected public access,” the Library of Congress told CyberScoop Friday.

KillNet — a pro-Russian group that has launched a series of distributed denial-of-service attacks on targets around the world perceived as hostile to the Russian government — posted a video that included a 503 error page alongside an image of President Joe Biden.

“They have money for weapons for the whole world, but not for their own defense,” the group wrote in a message on its Telegram channel, according to a Google translation.

Screenshot from a video posted by KillNet.

A spokesperson for the Library of Congress, which administers the domain, told CyberScoop in an email that the site suffered a DDoS “network attack that briefly affected public access,” adding that the site was “intermittently affected” starting at about 9 p.m. Thursday and returned to normal operation just after 11 p.m.

“The Library of Congress used existing measures to address the attack quickly, resulting in minimal down time,” the spokesperson said. “The Library’s network was not compromised and no data was lost as a result of the attack.”

KillNet is one of several pro-Russian cybercriminal groups to emerge in the wake of the Feb. 24 Russian invasion of Ukraine. In April, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency included the group in an alert about Russian state-sponsored and criminal cyber threats to critical infrastructure as one of an array of groups that carry out actions in support of the Russian government but may also be financially motivated.

The group attacked a small airport in Connecticut in March and has since gone after targets around the world. In the last week of June it was linked to a series of attacks in Norway, and has also incessantly attacked Lithuanian targets as that country blocked transport routes with Kaliningrad, a Russian province on the Baltic Sea bordered by Lithuania and Poland.

A May analysis from cybersecurity firm Mandiant listed KillNet in the same category as other “hacktivist” groups, such as Kaxnet and RahDit, that carry out activities in support of Russia even as the degree of affiliation with the Russian state is unknown.