The same Russian threat actors that this week targeted Italian parliamentary and military websites and threatened to disrupt U.K. National Health Service (NHS) services could now have the Eurovision Song Contest 2022 final in their crosshairs.
The Killnet threat group has threatened to “send 10 billion requests” to the Eurovision online voting system and “add votes to some other country.”
What is Killnet?
The pro-Kremlin Killnet cybercriminal group, which boasts of conducting “military cyber exercises” to improve member skills, appears to be mostly involved in reasonably straightforward, if disruptive, Distributed Denial-of-Service (DDoS) attacks.
According to threat intelligence experts at Cyjax, Killnet first emerged back in March following the Russian invasion of Ukraine. Using the newly launched ‘Killnet Botnet DDoS’ resource, its first target was the Anonymous hacktivist collective. This involved disrupting “the Anonymous website.” Or, at least, it would have if such a thing existed.
As Cyjax explains, there is no central Anonymous website. “It’s more likely that an independent generic Anonymous website was targeted to boost morale for the Russian side,” Cyjax says.
Killnet threatens to disrupt Eurovision 2022 final voting
In an apparent attempt to prevent or disrupt the online voting for current Eurovision favorites from Ukraine, the Kalush Orchestra, Killnet has hinted it could target Eurovision servers. In a Telegram message, the group claimed to have already disrupted the voting system. Or, rather, that the DDoS Botnet might be behind earlier voting difficulties.
Russia was banned from competing in Eurovision 2022 following the invasion of Ukraine, and the Kalush Orchestra has stated that a win would be a morale booster for the people of Ukraine.
A Eurovision spokesperson said that the voting system has “a wide range of security measures in place to protect audience participation” and this year will be no different in that regard.
Killnet also appears to withdraw threat to Eurovision 2022 final voting
As with so many of these types of groups, it can be hard to separate claims of responsibility for service disruptions from opportunism when sites have unrelated technical difficulties. Bizarrely, the Killnet group seems to be distancing itself from those threats to the Eurovision final in the same message that it makes them.
The group posted on Telegram claiming that the Eurovision online voting servers were unprotected and threatened to send “10 billion requests and add votes to some other country.” However, it also stated that “it does not make sense to influence the vote online,” and further attacks are “not worth the time.” The messaging is quite mixed to say the least. The threat is certainly there, although it is, frankly, unlikely to amount to anything.
Eurovision 2022 organizers should take extra special cybersecurity precautions this year
Jake Moore, the former head of digital forensics at Dorset Police in the U.K. and now global cybersecurity advisor at cybersecurity outfit ESET, says, “it is unsurprising it has also become a target for a cyberattack, particularly when winning is so entwined with national pride. Naturally, Eurovision organizers should take extra special cybersecurity precautions this year if they want to ensure the voting system remains as robust as possible.” Moore went on to say that malicious actors are out to disrupt the final in any possible way, but that “DDoS protection is a simple win assuming the organizers do not underestimate the power of a denial-of-service attack.”