Cyber Incident Victim: Federal Bureau of Investigation
Date:
Nov 2022
Location:
United States of America
Summary
A pro-Russian hacking group known as KillNet claimed responsibility for a distributed denial-of-service attack targeting FBI websites, temporarily disrupting access to the agency's Law Enforcement Enterprise Portal, job site, and law enforcement resource platforms. The group, classified as a low-level threat collective of Russian cybercriminals turned Kremlin-aligned hacktivists, has previously targeted U.S. critical infrastructure including airport websites and state government portals. KillNet recruits volunteers into specialized squads to conduct DDoS attacks against Western nations as part of its activities supporting Moscow's interests, though the FBI noted such attacks typically achieve limited operational impact. All affected sites were restored to normal accessibility following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 14, 2022, the pro-Russian hacking collective KillNet claimed responsibility for a distributed denial-of-service (DDoS) attack targeting multiple FBI websites. The group announced the attack via its Telegram channel, cross-posting a message from an affiliated entity called Radis that included links demonstrating connection errors affecting the FBI’s Law Enforcement Enterprise Portal (LEEP), an FBI job recruitment site, and a portal for law enforcement resources. BetterCyber, a data breach notification service, confirmed the LEEP platform was inaccessible as of midday that Monday. The LEEP system provides web-based investigative tools and analytical resources to U.S. law enforcement and intelligence agencies. All affected FBI websites were restored to normal operation shortly after the incident. The FBI did not issue an immediate public statement regarding the disruption but had previously acknowledged awareness of pro-Russian hacktivist groups conducting DDoS campaigns against critical infrastructure entities with "limited success."
KillNet, named after a tool used to launch DDoS attacks, evolved from a Russian cybercrime group into a Kremlin-aligned hacktivist operation following Russia’s invasion of Ukraine in February 2022. Digital Shadows reported the group actively recruited volunteers post-invasion, organizing them into specialized squads—including "Kratos," "Rayd," and "Zarya"—to coordinate DDoS operations against Western targets. Prior to the FBI incident, KillNet targeted U.S. airport websites in October 2022 and temporarily disabled several American state government web portals. The collective also attempted to disrupt online voting for the 2022 Eurovision Song Contest hosted in Turin, Italy, an attack thwarted by Italian law enforcement. KillNet’s activities are broadly categorized as low-sophistication nuisance attacks, aligning with its historical pattern of targeting geographically diverse entities perceived as adversarial to Russian interests.