Self-styled “hacktivists” supporting the Russian invasion of Ukraine have launched a campaign of DDoS attacks against NATO, including a Turkey-Syria earthquake relief mission. The Russian hackers took credit for the attacks on their Telegram channel, not long after a wave of attacks on hospitals.
The attack did not appear to have serious ramifications for the earthquake relief mission, but it temporarily disrupted a secure NATO communications channel used for classified information and may have delayed the movement of aircraft for a short time. The Killnet group, a loose affiliation of Russian hackers, has been organizing DDoS attacks on various civilian targets since shortly after the start of the invasion of Ukraine.
Minor hampering of earthquake relief efforts due to DDoS attacks
The Russian hackers that comprise Killnet operate independent of the national government, and wield their DDoS attacks in ways that would draw a nation into war if attributed to them. In addition to hospitals, the group has previously targeted airports and government agencies. However, it generally does little more than knock public-facing websites offline for several hours; some estimates by US security researchers say that only about half of Killnet’s attacks do any kind of damage at all.
Though NATO did not appear to suffer much operational disruption from the DDoS attacks, the organization says that it has improved security measures to prevent further disruptions to vital earthquake relief or other international missions. NATO support is key to the success of air rescue groups that continue to comb Syria and Turkey for survivors that may be trapped in rubble.
Any attack by Killnet always raises discussion about the possible clandestine involvement of the Russian government, but in this case it would seem even more improbable than usual. Turkey and Russia are on at least cordial terms, one of the extremely few remaining NATO members to retain normal relations after the invasion of Ukraine, and are major trading partners for a number of different goods. The Russian hackers were likely freelancing in this case, and may not meet with a warm response from Moscow after the potentially counterproductive earthquake relief antics.
Russian hackers persistent in their attacks, but not particularly successful
The Russian hackers have been launching frequent DDoS attacks since March of 2022, for nearly a year now, but are not meeting with a great deal of success considering how active they are. The most visible element of the attack on the earthquake relief efforts was the disappearance of the public-facing NATO Special Operations Headquarters website for about two hours. This reflects a general pattern in the group’s rash of attacks on airport websites in 2022, which resulted in passengers seeking online arrival and departure information being inconvenienced for several hours but did not disrupt flight operations and were likely not even noticed by people already at the airport.
The 7.8 magnitude earthquake that struck in early February was followed by a wave of magnitude 4 aftershocks in the region, which in some cases caused previously damaged buildings to fall unpredictably. There have been over 35,000 fatalities to date.