Cyber Incident Victim: Executive Office of the President

On November 17, 2022, the pro-Russian threat group Killnet launched a distributed denial-of-service (DDoS) attack against WhiteHouse.gov, targeting the Executive Office of the President’s online presence. This attack formed part of a coordinated campaign against entities perceived as supporting Ukrainian interests. Killnet publicly claimed responsibility for the WhiteHouse.gov disruption through Telegram channels, framing it as retaliation against U.S. geopolitical stances. The group followed this attack with a November 18 DDoS operation against Starlink, Elon Musk’s satellite internet service, causing confirmed login disruptions for users. Trustwave researchers later corroborated the timing and nature of the Starlink outage through user reports on Reddit, though specific technical details regarding the WhiteHouse.gov disruption were not publicly disclosed.

Killnet expanded its campaign on November 22 by targeting the official website of the Prince of Wales, accompanied by threats to escalate attacks against additional Western targets. Trustwave’s analysis characterized these operations as unsophisticated, high-volume DDoS attacks lacking advanced techniques but noted their symbolic impact. The group had previously targeted UK healthcare systems, the London Stock Exchange, and the British Army, indicating a pattern of politically motivated disruptions. While the White House incident’s operational impact remained unquantified in public reporting, Trustwave assessed Killnet’s capabilities as limited to basic DDoS methods but warned of persistent threats to organizations opposing Russian interests. The attacks underscored Killnet’s strategy of leveraging publicity through Telegram announcements to amplify psychological and reputational effects beyond technical disruption.