{"id":54683,"date":"2023-11-27T11:02:09","date_gmt":"2023-11-27T11:02:09","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/"},"modified":"2023-11-27T11:02:09","modified_gmt":"2023-11-27T11:02:09","slug":"leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/","title":{"rendered":"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media"},"content":{"rendered":"<p><span class=\"label\">Infosec in Brief<\/span> Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won&#8217;t ever find the state trying to unmask them either \u2013 as long as they keep supplying the attacks on Axis nations. It&#8217;s the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.<\/p>\n<p>Moscow-based Gazeta.ru has named a man it alleges to be the leader of pro-Russia DDoS merchants Killnet, known as &#8220;Killmilk,&#8221; in an expose following earlier claims that he started targeting the Russian Federation.<\/p>\n<p>Known for spearheading major attacks on targets like US government agencies, the European Parliament, and a bunch of hospitals, Killmilk has rarely done any media work but when he <a href=\"https:\/\/www.bbc.co.uk\/news\/technology-67029296\" rel=\"nofollow\">has<\/a>, he wore a balaclava in a continued bid to evade identification.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Gazeta.ru claims to have confirmed its <a href=\"https:\/\/www.gazeta.ru\/tech\/2023\/11\/21\/17878753.shtml?updated\" rel=\"nofollow\">findings<\/a> with other so-called hacktivists and sources within Russian law enforcement. The outlet alleges the person they named has been convicted of drug dealing in the past, and is claimed to have launched attacks on Russian state infrastructure and private sector organizations.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Killmilk also apparently has critics in the cybercrime underworld, with many &#8220;colleagues&#8221; considering challenging Killmilk&#8217;s authority within the Killnet group, but backing down because of the individual&#8217;s tendencies to retaliate.<\/p>\n<p>&#8220;A lot of people are tired of Killmilk,&#8221; hacktivist NET-WORKER told the publication. &#8220;Behind the scenes, a significant portion of pro-Russian groups oppose him. But they are afraid to &#8216;have a bite&#8217; with him in public. First of all, they are afraid of de-anonymization \u2013 Killmilk likes to reveal the identities of its competitors or blackmail them with this information.&#8221;<\/p>\n<h3 class=\"crosshead\">Qakbot all but dead and buried following FBI takedown<\/h3>\n<p>As we&#8217;ve seen with botnets like Emotet, coordinated law enforcement takedowns aren&#8217;t always permanently effective, but the FBI&#8217;s shuttering of Qakbot in August appears to be having the desired effect.<\/p>\n<p>Huntress released its SMB security report this week showing that attempted Qakbot exploits have roughly halved since the takedown.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Current attempts are thought to be essentially neutered, the company said, although attempts still remain. By the end of next quarter, it&#8217;s expected to be gone for good\u2026 off the map completely.<\/p>\n<p>The <a href=\"https:\/\/www.huntress.com\/hubfs\/SMB-Threat-Report-Huntress.pdf\" rel=\"nofollow\">report<\/a> [PDF] is rich in insights and is well worth a look. Other highlights note that most attacks (56 percent) use no malware at all and instead use living-off-the-land methods \u2013 using legitimate tools like remote monitoring applications to blend in with normal network traffic. Attackers establish stealthy persistence with this method that can open up organizations to various follow-on attacks, such as data theft or having that remote access sold to a ransomware group.<\/p>\n<p>The most often abused tool was ConnectWise, followed by AnyDesk, NetSupport, and TeamViewer. While they&#8217;re not strictly remote management tools, Huntress said it aligned with CISA&#8217;s more simplified categorizations of these and similar tools.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>It also noted that while LockBit is still the ransomware strain used in 25 percent of all attacks, eclipsing it are unknown or defunct strains accounting for 60 percent of all ransomware incidents in Q3 2023.<\/p>\n<h3 class=\"crosshead\">Australia backs down on ransomware payment ban<\/h3>\n<p>A year after saying it was looking at ways to ban ransomware payments, the Australian government backtracked on this proposal, saying &#8220;it is clearly not the right time at this moment to ban ransoms&#8221; as it launched its <a href=\"https:\/\/www.homeaffairs.gov.au\/cyber-security-subsite\/files\/2023-cyber-security-strategy.pdf\" rel=\"nofollow\">2023-2030 Australian Cyber Security Strategy<\/a> [PDF].<\/p>\n<p>While Home Affairs Minister Clare O&#8217;Neil&#8217;s preference was to ban them, this proposal is now being pushed back two years while the country aims to implement the infrastructure required to impose a ban. This would include equipping its law enforcement agencies with the right resources to enforce it, and setting support systems for victims, per the <a href=\"https:\/\/www.afr.com\/politics\/federal\/ban-on-paying-hacker-ransoms-is-inevitable-but-not-yet-labor-20231122-p5eltz\" rel=\"nofollow\">Australian Financial Review<\/a>.<\/p>\n<p>In the meantime, among the government&#8217;s many plans to tackle cybercrime is to implement a no-fault, no-liability reporting service that will mandate ransomware incident reporting across the country. This is so Australia can &#8220;build an improved picture of the ransomware threat so that [it] can develop appropriate responses.&#8221;<\/p>\n<p>The official line is to not pay ransoms, and that hasn&#8217;t changed. Though, many have complained of a lack of support in how to deal with ransom demands, the government said, so it&#8217;s going to build a ransomware playbook for victims to follow.&nbsp;<\/p>\n<p>&#8220;This playbook will provide clear guidance to businesses and citizens on how to prepare for,&nbsp;deal with, and bounce back from ransom demands.&#8221;<\/p>\n<p>It&#8217;s also funneling $26.2 million AUD into support for Pacific Island nations suffering serious cybersecurity incidents in a program called Cyber Rapid Assistance for Pacific Incidents and Disasters, or RAPID.<\/p>\n<h3 class=\"crosshead\">Justin Sun&#8217;s bad month got much worse this week<\/h3>\n<p>After having his Poloniex exchange attacked and drained of circa $120 million <a href=\"https:\/\/www.theregister.com\/2023\/11\/10\/justin_sun_poloniex_reward\/\">earlier this month<\/a>, two additional crypto projects linked to the investor have been attacked this week with losses estimated to be in the region of a further $130 million.&nbsp;<\/p>\n<p>The HTX exchange was drained of $30 million worth of assets, CNBC <a href=\"https:\/\/www.cnbc.com\/2023\/11\/23\/htx-heco-chain-crypto-hack-115-million-stolen-so-far.html\" rel=\"nofollow\">reported<\/a>, as well as Heco Chain ransacked for $84.5 million \u2013 most of which being stablecoins (cryptocurrencies tied to fiat currencies).<\/p>\n<p>Also succumbing to an attack this week was crypto investment house Kronos Research, leading to a total loss of $26 million in crypto assets, it said.<\/p>\n<p>The incident involved an unidentified (for now) third party accessing its API keys. Despite the sizeable theft, the company reassured that the losses wouldn&#8217;t materially impact the company or its partners, and that internal funds would cover the losses.<\/p>\n<p>&#8220;We&#8217;re prioritizing our resources to resume servicing the exchanges and token projects we provide liquidity for,&#8221; it <a href=\"https:\/\/twitter.com\/ResearchKronos\/status\/1726203102842466650\" rel=\"nofollow\">said<\/a> via X. &#8220;This is the first time since 2018 we&#8217;ve halted trading, and we are confident we will bounce back stronger than ever.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2023\/11\/27\/leader_of_prorussia_ddos_crew\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Also: Qakbot on verge of permadeath, Australia can&#8217;t deliver on ransom payment ban (yet), and Justin Sun&#8217;s very bad month Infosec in Brief\u00a0 Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won&#8217;t ever find the state trying to unmask them either \u2013 as long as they keep supplying the attacks on Axis nations. It&#8217;s the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-54683","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-27T11:02:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media\",\"datePublished\":\"2023-11-27T11:02:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/\"},\"wordCount\":994,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/\",\"name\":\"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2023-11-27T11:02:09+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/","og_locale":"en_US","og_type":"article","og_title":"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-11-27T11:02:09+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media","datePublished":"2023-11-27T11:02:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/"},"wordCount":994,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/","url":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/","name":"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-11-27T11:02:09+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWSFYPhrnUKdJUEX-lI12AAAAEs&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/leader-of-pro-russia-ddos-crew-killnet-unmasked-by-russian-state-media\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Leader of pro-Russia DDoS crew Killnet unmasked by Russian state media"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54683"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54683\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}