According to US officials, Russian hacktivist group KillNet targeted the US Treasury with a distributed denial of service (DDoS) attack a month ago but failed to impact the institution.
KillNet made a name for itself by hitting various private and government institutions worldwide, with mixed results. In some cases, the DDoS attacks rendered websites and other online resources unavailable, but the existing protection infrastructure held up in many other situations. This seems to be the case with the attack on the US Treasury.
According to Reuters, Todd Conklin, cybersecurity counselor to Deputy Treasury Secretary Wally Adeyemo, said the US Treasury has already attributed this attack to KillNet, the group responsible for the attacks on numerous airport websites in early October. It's worth mentioning that the October attacks didn't affect US air travel despite blocking access to some websites. This is the same group that hit numerous similar targets in Europe right after Russia invaded Ukraine.
Conklin also said the group hit several US financial services firms around the same time, including JPMorgan Chase & Co.
"It confirmed that we're on the right track with how we're trying to actually share tactical information with the sector in real time with the mind that we are interconnected and face the same threat actors," said Conklin. The US Treasury shared the IP addresses that generated the attacks with the financial firms, allowing them to deflect the traffic easily.
"Before and over the course of this unconscionable invasion, we have remained in close contact with many of you to provide critical updates, flag potential risks, and ensure we are giving you what you need to keep your systems secure," said Deputy Treasury Secretary Wally Adeyemo to the regulator-led Financial and Banking Information Infrastructure Committee (FBIIC) and the industry-led Financial Services Sector Coordinating Council (FSSCC).
Even though KillNet didn't leave a dent in the US infrastructure, companies and governments need to continue to guard against similar DDoS attacks, which could increase in intensity.