Former Eastern Bloc countries Bulgaria, Estonia, Moldova, Poland, and Romania had their intelligence agency websites targeted by failed distributed denial-of-service attacks launched by Russian hacktivist group Killnet over the weekend, reports The Record, a news site by cybersecurity firm Recorded Future.
While Killnet listed the agencies' websites on its Telegram channel, suggesting a successful compromise, all of the sites have been found to function normally, indicating that any DDoS disruption was extremely brief. Bulgarian Prosecutor-General Ivan Geshev noted that several of the country's government sites were impacted by a "large-scale" Killnet attack last month, but the hacktivist group has not been observed to exhibit sophisticated techniques since its emergence in February.
The failed DDoS attacks follow an FBI industry notice revealing the "limited success" of DDoS attacks deployed by Russian hacktivist groups against critical infrastructure.
"These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. As a result, the psychological impact of DDoS attacks is often greater than the disruption of service," said the FBI.
While 427,000 Fortinet devices running FortiOS, FortiProxy, FortiSwitchManager, and FortiPAM versions remain impacted by the critical CVE-2024-23113 flaw, another 62,000 FortiManager instances remain susceptible to attacks leveraging the CVE-2024-47575 bug, also known as FortiJump.
Initial access to the targeted SharePoint server through the flaw was leveraged to breach a Microsoft Exchange service account with elevated privileges, deploy Huorong Antivirus, and install Impacket, resulting in the deactivation of legitimate antivirus software and lateral movement.
Other Linux-based network devices may also have been targeted by Pygmy Goat, as indicated by its use of a fake Fortinet certificate, a pair of remote shells, and several communication wake-up techniques.