Cyber Incident Victim: Starlink
Date:
Nov 2022
Location:
United States of America
Summary
A Russian-aligned threat group known as Killnet claimed responsibility for distributed denial-of-service (DDoS) attacks targeting Starlink, causing service disruptions and login issues for users, alongside similar attacks against WhiteHouse.gov and the Prince of Wales' website. Trustwave researchers corroborated the group's claims, attributing the incidents to Killnet's retaliation against entities supporting Ukraine, though assessed the attacks as technically unsophisticated. The group publicly boasted about the disruptions via Telegram and threatened expanded operations against organizations opposing Russian interests, including prior targeting of UK healthcare, financial, and military infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 17, 2022, the pro-Russian hacktivist group Killnet initiated distributed denial-of-service (DDoS) attacks against multiple high-profile targets, including WhiteHouse.gov, as part of a coordinated campaign. The group escalated these attacks the following day, November 18, by targeting Starlink, the satellite internet service operated by Elon Musk’s SpaceX. This attack caused service disruptions for Starlink users, manifesting primarily as login failures that prevented access to the platform. Killnet publicly claimed responsibility for the Starlink outage through posts on Telegram channels, framing the attack as retaliation for the company’s support of Ukraine amid the ongoing conflict with Russia. Trustwave researchers later corroborated these claims by analyzing user reports on Reddit that detailed the timing and nature of the Starlink disruptions, confirming alignment with Killnet’s timeline. The group continued its campaign on November 22 by launching another DDoS attack against the official website of the Prince of Wales, further expanding its list of symbolic targets.
Trustwave’s technical assessment characterized Killnet’s operations as relatively unsophisticated DDoS attacks lacking advanced tooling or novel techniques. Despite this limited technical capability, the attacks successfully disrupted services at each named target, demonstrating the group’s ability to generate disruptive volume. The Starlink outage specifically impacted user authentication systems, though the duration and geographic scope of the interruption were not detailed in available reports. Killnet supplemented its attacks with threats of escalation, vowing to target additional entities opposing Russian interests, including the UK’s National Health Service (NHS), London Stock Exchange, and British Army. Trustwave noted the group’s pattern of leveraging geopolitical narratives—particularly opposition to Western support for Ukraine—to justify its actions. No mitigation efforts or responses from Starlink, White House IT teams, or other affected organizations were documented in the available reporting. The incidents underscored Killnet’s persistent focus on high-visibility, psychologically impactful targets despite its reliance on conventional attack methods.