Cyber Incident Victim: Prince of Wales
Date:
Nov 2022
Location:
United Kingdom
Summary
A Russian hacking group known as Killnet claimed responsibility for a distributed denial-of-service (DDoS) attack targeting the Prince of Wales' website, citing opposition to UK military support for Ukraine. The incident temporarily disrupted access to the site, which later resumed operations with additional security checks implemented by Cloudflare. Cybersecurity experts characterized the attack as unsophisticated, noting such methods typically overwhelm servers with traffic but are unlikely to compromise sensitive data. The group also issued broader threats against medical, governmental, and online services infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 22, 2022, the Russian hacking group Killnet claimed responsibility for a cyberattack targeting the official website of the Prince of Wales. The group announced the attack via Telegram, explicitly citing the United Kingdom’s provision of high-precision missiles to Ukraine as motivation. Initial reports indicated the attack occurred in the early morning hours, temporarily disrupting access to the website. Technical indicators suggested a distributed denial-of-service (DDoS) attack, consistent with Killnet’s established tactics. DDoS attacks overwhelm web servers with excessive artificial traffic from botnets, rendering sites inaccessible to legitimate users. Cloudflare, a cybersecurity firm providing services to the site, implemented additional security checks during the incident, though the company declined to confirm its involvement. The Prince of Wales’ website resumed normal functionality shortly after the disruption, with no evidence of data compromise or system infiltration. Kensington Palace did not publicly comment on the incident when contacted by media.
The attack’s primary impact was limited to temporary service interruption, with no confirmed data breaches or persistent system damage. A cybersecurity expert characterized the incident as an “unsophisticated” DDoS attack, noting such methods typically exploit compromised botnets to flood targets but rarely enable deeper network access. Web operators generally mitigate these attacks by identifying and blocking malicious IP address clusters, minimizing downtime. Concurrently, Killnet issued broader threats against UK medical institutions, government services, and online platforms, though no additional attacks were verified in immediate connection to this incident. The group has publicly claimed multiple DDoS operations against nations supporting Ukraine since March 2022, including an attempted disruption of the Eurovision Song Contest. Cloudflare’s visible security enhancements on the Prince of Wales’ site post-attack reflected standard defensive measures against volumetric traffic surges. No further disruptions to the site were reported following the initial incident.