FBI downplays success of Pro-Russia cyber hacktivists

Pro-Russia cyber criminals that recently attacked US critical infrastructure targets have had “limited success,” according to the Federal Bureau of Investigation (FBI).

At the same time, the FBI warned operators of critical national infrastructure (CNI) to ensure they have mitigations in place, as pro-Russia hacktivists continue to target them with distributed denial of service (DDoS) attacks.

In its latest note on cyber, the FBI indicated that it had noticed an uptick in such activity since the start of Russia’s war against Ukraine.

However, it added that these attacks have had limited success thus far and that the biggest impact may be psychological.

“Hacktivists provide tools and guidance on cyber-attack methodology and techniques to anyone willing to conduct an attack on behalf of their cause. DDoS attacks of public-facing websites, along with web page and social media profile defacement, are a preferred tactic for many operations,” the FBI said.

“These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. As a result, the psychological impact of DDoS attacks is often greater than the disruption of service.”

The notification added that many hacktivist groups seek to recycle previously leaked information in a bid to build a perception of higher technical ability than they have. However, by posting coverage of their efforts, they can also encourage copycat attacks, it warned.

The FBI urged all CNI firms to enrol in DDoS mitigation services, collaborate more closely with their ISPs to manage traffic during an incident, and create a disaster recovery plan. 

It added that firms under attack should also monitor for any secondary activity which may otherwise be hidden by the DDoS.

The most notable recent efforts by Russian hacktivists include a campaign by group KillNet, which targeted some 14 US airports, taking many of their websites offline temporarily.

Killnet has promoted Kremlin viewpoints and previously engaged in cyber-attacks targeting western nations but its exact ties to the Russian government are unknown.