IOTW: Russian hackers target NATO sites with DDoS attack

The North Atlantic Treaty Organization (NATO) has been the victim of a series of distributed denial of service (DDoS) attacks, causing temporary disruption to some of its sites.

The DDoS attacks have been linked to the Russian hacktivist collective Killnet which had posted via an encrypted channel on social media platform Telegram that it was planning to launch cyber attacks against NATO. The group also appeared to be asking for cryptocurrency donations to launch further attacks.

Jens Stolberg, secretary general of NATO, said that protective measures had been deployed in response to the attack.

Stolberg noted that NATO’s classified networks, which are used to communicate within its command structure and on active missions, were not affected by the DDoS attack. He also said that “the majority of NATO websites were functioning as normal” and that the organization’s technical teams were “working to restore full access”.

Despite Stolberg’s assurances that the network was not affected, it has been reported that communications between NATO and its Strategic Airlift Capability (SAC) were affected by the attack. The SAC has been used as part of NATO’s response to the magnitude 7.8 earthquake that hit Syria and Turkey on 6 February and its subsequent aftershocks, with an aircraft being used to fly search and rescue teams and their equipment to an airbase in Turkey. The SAC’s ability to communicate with the aircraft it was allegedly affected by network disruption although it did not fully lose contact with the plane.  

What are hacktivists?

Hacktivists, or hacktivism, describes hackers who are motivated not by monetary gain but by their political views. Hacktivists used cyber attacks to further their ideology or make political statements using disruptive threat vectors like DDoS attacks to take websites or services offline.

Hacktivists may also steal sensitive or embarrassing information about their political adversaries to post online, a technique known as doxxing.

Hacktivists targeted Iran’s steel industry

On June 28, 2022, one of Iran’s largest steel manufacturers was targeted by the hacktivist group Gonjeshke Darande (Predatory Sparrow).

Khouzestan Steel Company was forced to close its plant due to technical issues as a result of the attack, with the company’s website also down.

Predatory Sparrow posted a video on social media, claiming to have affected multiple other steel companies in the attack including Mobarakeh Steel Company and the Hormozgan Steel Company.

The attack was orchestrated against Khouzestan Steel Company as, according to Predatory Sparrow, the company has continued to operate despite government sanctions. In January 2021, several companies connected to the steel industry in Iran were sanctioned by the US Treasury Department after it was alleged that the metal producers had been using their revenue to fund the Iranian regime and its nefarious activities.

The group also said that the attacks were launched in response to the “aggression of the Islamic Republic [of Iran]”, and that they were carried out “carefully so to protect innocent individuals”.