Cyber Incident Victim: Mississippi State Government
Date:
Oct 2022
Location:
United States of America
Summary
Russian-speaking hackers from the group Killnet targeted multiple U.S. state government websites, including Mississippi's, causing intermittent outages that temporarily disrupted access to platforms used for tourism promotion and resident services. The politically motivated group, which supports Kremlin interests but lacks confirmed government ties, employed crude cyberattacks typical of their disruptive but non-destructive tactics. While essential government services remained operational, some web portals required mitigation efforts to restore functionality. Officials confirmed the incidents posed no largescale threats to critical infrastructure or election systems, aligning with Killnet's pattern of seeking attention through temporary disruptions rather than severe operational damage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 5, 2022, Russian-speaking hackers from the group Killnet claimed responsibility for cyberattacks that disrupted state government websites in Mississippi, Colorado, and Kentucky. The attacks caused intermittent outages, with affected sites sporadically accessible throughout the morning and afternoon as administrators worked to restore services. Among the impacted systems was Kentucky’s Board of Elections website, which provides voter registration information, though the direct cause of its downtime remained unconfirmed. Killnet, a pro-Kremlin hacktivist collective active since Russia’s invasion of Ukraine, publicly listed U.S. state websites as targets on Telegram alongside anti-NATO messaging. The group employed crude disruption tactics—likely distributed denial-of-service (DDoS) attacks—to temporarily overwhelm sites without causing permanent infrastructure damage. Mississippi’s government portals, along with Kentucky’s election site and broader *.ky.gov services, were restored by Wednesday afternoon. Colorado’s state web portal remained unstable, prompting its Office of Information Technology to take it offline indefinitely while confirming other essential services operated normally. The EI-ISAC (Election Infrastructure Information Sharing and Analysis Center) noted multiple states reported connection issues consistent with suspected cyberattacks.
The incidents primarily affected informational websites used for tourism promotion and resident services, with no compromise of core election infrastructure or voting systems. Kentucky Interactive, managing Kentucky’s government sites, acknowledged abnormal traffic causing intermittent interruptions and collaborated with state officials to mitigate the issue. Mississippi’s government did not publicly comment on its restoration efforts. Federal agencies, including CISA and the FBI, assessed that such attacks posed minimal risk to election integrity, emphasizing their inability to disrupt voting at scale. Killnet’s history included similar short-term disruptions, such as briefly taking down a U.S. Congress site in July 2022 and targeting Lithuanian entities over geopolitical disputes. While the attacks caused temporary inconvenience by limiting access to public resources, no data breaches, system manipulations, or extended operational failures were reported. Colorado’s incident response team confirmed the attack’s foreign origin but provided no restoration timeline, underscoring the contained yet persistent nature of the disruptions.