Cyber Incident Victim: United States of America
Date:
Oct 2022
Location:
United States of America
Summary
Russian-speaking hackers associated with the Killnet group disrupted multiple U.S. state government websites, including those in Colorado, Kentucky, and Mississippi, causing intermittent outages that temporarily affected access to public services and informational portals like voter registration resources. The group, known for politically motivated cyberattacks supporting Russian interests following the invasion of Ukraine, claimed responsibility for the disruptions, which involved crude tactics to knock sites offline without causing lasting infrastructure damage. Officials confirmed the incidents but emphasized that such attacks were unlikely to compromise election integrity or prevent voting, as targeted systems were not directly involved in vote casting or counting. While some services remained partially available during mitigation efforts, the hackers leveraged social media to publicize their actions, aligning with their pattern of seeking attention for disruptive but low-severity operations against NATO-affiliated entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 5, 2022, Russian-speaking hackers from the group Killnet claimed responsibility for cyberattacks that disrupted state government websites in Colorado, Kentucky, and Mississippi. The attacks caused intermittent outages throughout Wednesday, affecting sites used for promoting tourism and providing resident services. Administrators in these states worked to restore access, with websites sporadically available during the morning and afternoon. Kentucky’s Board of Elections website, which hosts voter registration information but does not handle vote casting or counting, also experienced temporary downtime, though the specific cause remained unconfirmed at the time. The Colorado Governor’s Office of Information Technology confirmed taking a state web portal offline due to a cyberattack attributed to an "anonymous suspected foreign actor," while emphasizing other state services remained operational. By Wednesday afternoon, Mississippi and Kentucky had restored most website functionality, including Kentucky’s Board of Elections site, but Colorado’s portal remained unstable with no restoration timetable. The EI-ISAC (Election Infrastructure Information Sharing and Analysis Center), which collaborates with federal agencies on election security, noted multiple states reported connection issues consistent with suspected cyberattacks. Killnet publicly listed the targeted state websites on Telegram beneath an anti-NATO message, continuing their pattern of politically motivated disruptions following Russia’s invasion of Ukraine in February 2022.
The group employed crude hacking techniques to temporarily overwhelm websites with traffic, causing disruptions without deeper infrastructure compromise. Kentucky Interactive, the contractor managing Kentucky’s government websites, acknowledged "abnormal traffic" led to intermittent interruptions but provided no technical specifics. Federal agencies, including CISA and the FBI, reiterated that such attacks were unlikely to cause large-scale election disruptions or prevent voting, as affected sites like the Kentucky Board of Elections portal were informational rather than part of core voting infrastructure. Killnet’s activities align with prior incidents, including a July 2022 attack on a U.S. Congress website and June 2022 cyberattacks against Lithuanian entities after the country restricted goods to Kaliningrad. Cybersecurity experts characterized Killnet as a loose collective of Kremlin-aligned "hacktivists" seeking publicity through disruptive but limited-impact operations, noting the need to avoid amplifying their low-level threats. The incident underscored ongoing concerns about digital disruptions ahead of the November 2022 midterm elections, though no evidence suggested voter registration databases or election management systems were compromised. Restoration efforts varied by state, with Colorado continuing to address lingering accessibility issues while others stabilized services by the end of the incident day.