How to Protect Yourself from KillNet Threat

Posted February 1, 2023 by Chris Glanden 

What is Killnet?

KillNet is a pro-Russian hacktivist group currently targeting the U.S. healthcare industry. They have previously targeted this sector and is currently active in acquiring media attention for its attacks. The group is known to launch distributed denial of service (DDoS) assaults aiming to cripple systems. DDoS attacks involve sending a large number of connection requests and packets to a target server or website, slowing it down substantially.

When did it start and who is affected?

KillNet has been around for about a year.  However, on Jan 28. 2023, The U.S. Department of Health & Human Services Health Sector Cybersecurity Coordination Center (HC3) identified targeted attacks to healthcare organizations nationwide including Stanford (Calif.) Health Care, Los Angeles-based Cedars-Sinai Medical Center, Charlotte, N.C.-based Atrium Health, and many more.  They have also been targeting top Universities; including Stanford and Duke.  Previously, they have targeted government agencies, transportation, financial and other industries.

How damaging is the attack?

While KillNet’s DDoS attacks typically don’t cause major damage, they can cause service outages lasting several hours or even days. This could cause a major impact within the healthcare sector, resulting in appointment delays, ER downtime, and ambulance diversions.

How to protect yourself from this threat?

In order to mitigate the risk of a KillNet DDoS attack, it’s important to understand your security posture, external attack surface and your security controls in place to mitigate this type threat. Upstream defenses, such as firewalls (especially Web Application Firewalls) and Cloud-based DDoS protection services, can help protect your systems and services from unauthorized access and disruption. The scaling of these controls should be considerate of the level of traffic expected from this type of attack could be significant. Review your incident response plan, as it should outline the processes to implement in the event of an attack and the steps that need to be taken to restore normal operations. Lastly, leverage monitoring and observability tools for tracking of changes and anomalies to ensure your service remains operational during high-traffic periods.

For more information, please reach out to Sayers.

Reference to affected organizations, click here.


  • Atlanta
    675 Mansell Road, Suite 115
    Roswell, GA 30076
  • Boston
    25 Walpole Park South, Suite 12, Walpole, MA 02081
  • Rosemont
    10275 W. Higgins Road, Suite 470 Rosemont, IL 60018
  • Vernon Hills - Corporate Headquarters
    960 Woodlands Parkway Vernon Hills, IL 60061


  • Bloomington
    1701 E Empire St Ste 360-280 Bloomington, IL 61704
  • Chicago
    233 S Wacker Dr. Suite 9550 Chicago, IL 60606
  • Tampa
    380 Park Place, Suite 130, Clearwater, FL 33759

Have a Question?

Subscribe Contact us