Cyber Incident Victim: Federal Motor Carrier Safety Administration
Date: Dec 2022
Location: United States of America
Summary
The Russian hacker group KillNet claimed responsibility for breaching the US Federal Motor Carrier Safety Administration, allegedly compromising an employee's Facebook account to post unauthorized messages demonstrating access. The group also asserted theft of sensitive data including social media credentials, financial details, and medical identification cards, though these claims remained unverified. This incident occurred amid a series of cyber operations by the pro-Kremlin collective targeting Western government entities and private firms supporting Ukraine, following their prior attacks on FBI systems, European Parliament websites, and defense contractors. The agency was among multiple organizations allegedly compromised as part of KillNet's politically motivated campaign against nations opposing Russia's military actions.
Description
In December 2022, the pro-Kremlin hacker group KillNet claimed responsibility for breaching the US Federal Motor Carrier Safety Administration (FMCSA) as part of a broader campaign targeting Western entities supporting Ukraine. The group demonstrated unauthorized access to an FMCSA employee’s Facebook account by posting “We are KillNet” on the individual’s profile page, which was documented in a screen recording shared on Russian Telegram channels. This incident occurred amid simultaneous claims by KillNet of infiltrating FBI databases, allegedly compromising personal data of over 10,000 federal agents, including social media passwords, bank details, medical ID cards, and credentials for Google, Apple, and Instagram accounts. While the FMCSA breach specifics beyond the Facebook account takeover were not detailed, KillNet’s broader pattern involved exfiltrating sensitive information such as online store passwords and payment card data. The group publicly circulated screenshots and statements asserting control over compromised accounts, though neither the FBI nor FMCSA breaches were independently verified at the time of reporting. KillNet’s operations frequently utilized Telegram to publicize attacks and disseminate stolen data, aligning with their history of politically motivated cyber activities following Russia’s invasion of Ukraine in February 2022.

The FMCSA breach formed part of KillNet’s sustained offensive against governments and organizations opposing Russian interests, marking one of seventy-six attacks the group claimed against Ukraine’s allies since the war began. Prior operations included DDoS attacks on Prince William’s official website in November 2022, disruptions to the European Parliament’s online services, a June 2022 DDoS campaign against Lithuanian government infrastructure, and an August 2022 breach of Lockheed Martin involving alleged theft of employee data. The FMCSA intrusion reflected KillNet’s recurring tactics of compromising professional and personal accounts to expose institutional vulnerabilities, though the full scope of data accessed at FMCSA remained unclear. No mitigation efforts or responses from FMCSA were disclosed in available reports. The incident coincided with a separate breach of the FBI’s InfraGard platform, where data of 87,000 members was leaked the preceding week, though attribution for that event was not confirmed. KillNet’s activities during this period consistently emphasized disruption and psychological impact through public demonstrations of unauthorized access rather than overt destruction of systems.
