Cyber Incident Victim: Kentucky State Government
Date:
Oct 2022
Location:
United States of America
Summary
Russian-speaking hackers from the group Killnet disrupted multiple US state government websites, including Kentucky's, through cyberattacks causing intermittent outages. The affected systems included voter information portals and general government services, though officials confirmed no direct impact on election infrastructure. The group, known for politically motivated disruptions supporting Russian interests, employed crude tactics like DDoS attacks to temporarily knock sites offline without causing lasting damage. While some services were restored quickly, others experienced prolonged accessibility issues. US cybersecurity agencies assessed such incidents as low-risk for large-scale election disruption, emphasizing the attacks' limited operational impact despite their high-profile nature.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 5, 2022, Russian-speaking hacking group Killnet claimed responsibility for cyberattacks causing intermittent outages on multiple US state government websites, including those operated by the Kentucky state government. The attacks targeted informational websites used for promoting tourism and providing resident services, with the Kentucky Board of Elections' voter registration information portal among the affected systems. Administrators in Kentucky, Colorado, and Mississippi worked throughout the morning and afternoon to restore sporadic access as websites fluctuated between online and offline states. The Kentucky Board of Elections website was temporarily knocked offline but restored by Wednesday afternoon alongside other Kentucky.gov domains. Carlos Luna of Kentucky Interactive, the contractor managing state websites, confirmed abnormal traffic patterns caused the interruptions and stated ongoing investigation and mitigation efforts with state officials.
The incident occurred amid heightened concerns about election security ahead of the November midterm elections, though officials emphasized that affected sites like the Kentucky Board of Elections portal did not handle vote casting or tabulation. Colorado's Office of Information Technology explicitly attributed their web portal outage to a cyberattack claimed by a "suspected foreign actor," while maintaining other state services remained operational without a restoration timetable. Killnet publicly listed the state websites as targets on Telegram alongside anti-NATO messaging, consistent with their pattern of politically motivated distributed denial-of-service (DDoS) attacks against NATO-aligned entities following Russia's invasion of Ukraine. Federal agencies including CISA and the FBI reiterated that such attacks typically cause temporary disruptions without compromising critical infrastructure or enabling largescale election interference. By Wednesday afternoon, Kentucky and Mississippi had restored most website functionality, while Colorado continued addressing residual accessibility issues.