Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Killnet Releases ‘Proof’ of Its Attack Against Lockheed Martin

On August 1, Lockheed Martin was supposedly targeted with a DDoS attack delivered by the pro-Russian hacker group Killnet. The information came via the Moscow Times who reported Killnet’s claim for responsibility. 

On August 1, Lockheed Martin was supposedly targeted with a DDoS attack delivered by the pro-Russian hacker group Killnet. The information came via the Moscow Times who reported Killnet’s claim for responsibility. 

Newsweek added that Killnet claimed to have stolen Lockheed Martin employee data and threatened to share that data.

There has been no word from Lockheed Martin about the supposed attack beyond telling Newsweek it is “aware of the reports and have policies and procedures in place to mitigate cyber threats to our business,” adding that “we remain confident in the integrity of our robust, multi-layered information systems and data security.”

Killnet is a pro-Russia group that specializes in DoS and DDoS attacks. It is thought to have been formed in March 2022, and that its primary motivation is retaliation against perceived enemies of Russia. It is believed to be responsible for politically motivated attacks in Romania, Moldova, the Czech Republic, Italy, Lithuania, Norway and Latvia – as well as Eurovision 2022. 

It claimed responsibility for the attack against Lithuania in late June 2022, which it said was in retaliation for the restrictions imposed by Lithuania against Russia earlier in June.

Lockheed Martin produces the high mobility artillery rocket system (HIMARS) provided by the US to Ukraine and used to great effect against the Russian invading army. Lockheed Martin is consequently a natural target for pro-Russia hacking groups.

On August 11, 2022, Killnet reportedly shared a video on its Telegram group that claims to depict PII of Lockheed Martin employees. DDoS attacks are sometimes used to disguise and enable data exfiltration, so the claim is not beyond the bounds of plausibility.

Louise Ferrett, a threat intelligence analyst at Searchlight Security, has examined the video. It comprises, she said, “what appears to be Lockheed Martin employee names, email addresses, and phone numbers, with pictures of people – presumably the employees – overlaid.”

Advertisement. Scroll to continue reading.

Killnet also uploaded two spreadsheets with the message (translated from Russian), “For those who have nothing to do, you can email Lockheed Martin Terrorists – photos and videos of the consequences of their manufactured weapons! Let them realize what they create and what they contribute to.”

However, Ferret is not convinced. “Cross-referencing a sample of the data it does appear that they are or were genuine Lockheed employees, however that does not necessarily confirm that the company was breached,” she said. “For example, this could be a re-hash of old or open source data in an attempt to undermine the organization and intimidate its employees.”

On the one hand, Lockheed Martin has said nothing about an attack, nevermind a breach. That, however, proves nothing either way. On the other hand, Killnet has failed to provide irrefutable evidence of exfiltrated data – which again doesn’t prove anything.

Without a comment from Lockheed Martin or proof from Killnet, this is more likely to be a propaganda exercise from a pro-Russian hacking group than a successful attack against Lockheed Martin. SecurityWeek has asked the HIMARS manufacturer for a comment on Killnet’s latest claims and will append any response we receive.

Related: Hacked Ukrainian Military Emails Used in Attacks on European Governments

Related: Russia vs Ukraine – The War in Cyberspace

Related: Russia, Ukraine and the Danger of a Global Cyberwar

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...