{"id":54694,"date":"2023-11-27T16:14:00","date_gmt":"2023-11-27T16:14:00","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35231\/Leader-Of-Killnet-Crew-Unmasked-By-Russian-State-Media.html"},"modified":"2023-11-27T16:14:00","modified_gmt":"2023-11-27T16:14:00","slug":"leader-of-killnet-crew-unmasked-by-russian-state-media","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/","title":{"rendered":"Leader Of Killnet Crew Unmasked By Russian State Media"},"content":{"rendered":"<p><span class=\"label\">Infosec in Brief<\/span> Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won&#8217;t ever find the state trying to unmask them either \u2013 as long as they keep supplying the attacks on Axis nations. It&#8217;s the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.<\/p>\n<p>Moscow-based Gazeta.ru has named a man it alleges to be the leader of pro-Russia DDoS merchants Killnet, known as &#8220;Killmilk,&#8221; in an expose following earlier claims that he started targeting the Russian Federation.<\/p>\n<p>Known for spearheading major attacks on targets like US government agencies, the European Parliament, and a bunch of hospitals, Killmilk has rarely done any media work but when he <a href=\"https:\/\/www.bbc.co.uk\/news\/technology-67029296\" rel=\"nofollow\">has<\/a>, he wore a balaclava in a continued bid to evade identification.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Gazeta.ru claims to have confirmed its <a href=\"https:\/\/www.gazeta.ru\/tech\/2023\/11\/21\/17878753.shtml?updated\" rel=\"nofollow\">findings<\/a> with other so-called hacktivists and sources within Russian law enforcement. The outlet alleges the person they named has been convicted of drug dealing in the past, and is claimed to have launched attacks on Russian state infrastructure and private sector organizations.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Killmilk also apparently has critics in the cybercrime underworld, with many &#8220;colleagues&#8221; considering challenging Killmilk&#8217;s authority within the Killnet group, but backing down because of the individual&#8217;s tendencies to retaliate.<\/p>\n<p>&#8220;A lot of people are tired of Killmilk,&#8221; hacktivist NET-WORKER told the publication. &#8220;Behind the scenes, a significant portion of pro-Russian groups oppose him. But they are afraid to &#8216;have a bite&#8217; with him in public. First of all, they are afraid of de-anonymization \u2013 Killmilk likes to reveal the identities of its competitors or blackmail them with this information.&#8221;<\/p>\n<h3 class=\"crosshead\">Qakbot all but dead and buried following FBI takedown<\/h3>\n<p>As we&#8217;ve seen with botnets like Emotet, coordinated law enforcement takedowns aren&#8217;t always permanently effective, but the FBI&#8217;s shuttering of Qakbot in August appears to be having the desired effect.<\/p>\n<p>Huntress released its SMB security report this week showing that attempted Qakbot exploits have roughly halved since the takedown.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Current attempts are thought to be essentially neutered, the company said, although attempts still remain. By the end of next quarter, it&#8217;s expected to be gone for good\u2026 off the map completely.<\/p>\n<p>The <a href=\"https:\/\/www.huntress.com\/hubfs\/SMB-Threat-Report-Huntress.pdf\" rel=\"nofollow\">report<\/a> [PDF] is rich in insights and is well worth a look. Other highlights note that most attacks (56 percent) use no malware at all and instead use living-off-the-land methods \u2013 using legitimate tools like remote monitoring applications to blend in with normal network traffic. Attackers establish stealthy persistence with this method that can open up organizations to various follow-on attacks, such as data theft or having that remote access sold to a ransomware group.<\/p>\n<p>The most often abused tool was ConnectWise, followed by AnyDesk, NetSupport, and TeamViewer. While they&#8217;re not strictly remote management tools, Huntress said it aligned with CISA&#8217;s more simplified categorizations of these and similar tools.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>It also noted that while LockBit is still the ransomware strain used in 25 percent of all attacks, eclipsing it are unknown or defunct strains accounting for 60 percent of all ransomware incidents in Q3 2023.<\/p>\n<h3 class=\"crosshead\">Australia backs down on ransomware payment ban<\/h3>\n<p>A year after saying it was looking at ways to ban ransomware payments, the Australian government backtracked on this proposal, saying &#8220;it is clearly not the right time at this moment to ban ransoms&#8221; as it launched its <a href=\"https:\/\/www.homeaffairs.gov.au\/cyber-security-subsite\/files\/2023-cyber-security-strategy.pdf\" rel=\"nofollow\">2023-2030 Australian Cyber Security Strategy<\/a> [PDF].<\/p>\n<p>While Home Affairs Minister Clare O&#8217;Neil&#8217;s preference was to ban them, this proposal is now being pushed back two years while the country aims to implement the infrastructure required to impose a ban. This would include equipping its law enforcement agencies with the right resources to enforce it, and setting support systems for victims, per the <a href=\"https:\/\/www.afr.com\/politics\/federal\/ban-on-paying-hacker-ransoms-is-inevitable-but-not-yet-labor-20231122-p5eltz\" rel=\"nofollow\">Australian Financial Review<\/a>.<\/p>\n<p>In the meantime, among the government&#8217;s many plans to tackle cybercrime is to implement a no-fault, no-liability reporting service that will mandate ransomware incident reporting across the country. This is so Australia can &#8220;build an improved picture of the ransomware threat so that [it] can develop appropriate responses.&#8221;<\/p>\n<p>The official line is to not pay ransoms, and that hasn&#8217;t changed. Though, many have complained of a lack of support in how to deal with ransom demands, the government said, so it&#8217;s going to build a ransomware playbook for victims to follow.&nbsp;<\/p>\n<p>&#8220;This playbook will provide clear guidance to businesses and citizens on how to prepare for,&nbsp;deal with, and bounce back from ransom demands.&#8221;<\/p>\n<p>It&#8217;s also funneling $26.2 million AUD into support for Pacific Island nations suffering serious cybersecurity incidents in a program called Cyber Rapid Assistance for Pacific Incidents and Disasters, or RAPID.<\/p>\n<h3 class=\"crosshead\">China-based attackers stole chip designs from NXP after lurking in network for 2 years, claims report<\/h3>\n<p>Dutch daily paper NRC <a target=\"_blank\" href=\"https:\/\/www.nrc.nl\/nieuws\/2023\/11\/24\/spionage-chinese-hackersgroep-zat-jarenlang-in-het-netwerk-van-de-nederlandse-chipfabrikant-nxp-a4182149?s=31\" rel=\"noopener\">reported<\/a> on Friday that $52 billion market cap NXP Semiconductor had inadvertently played host to Chimera, a group of China-state-linked attackers for over two years, potentially as part of a bigger state spying program to nick Western semiconductor tech. According to the report, the group can be &#8220;recognized&#8221; by the password they use to encrypt the loot: <code>fuckyou.google.com<\/code>.<\/p>\n<p>NRC&#8217;s report noted that the chipmaker&#8217;s data had been exfiltrated using the ChimeRAR tool, a modified version of the zip software. After initial infiltration using reused credentials in 2017, the outlet reported that the miscreants hung around for years, patiently waiting for the motherlode and checking for data only a few times a month, which they snuck out using encrypted files uploaded to OneDrive, Dropbox, and Google cloud. The group targeted chip designs and more, said the report. NXP, which spun out of Philips in 2006, makes the secure elements in iPhone chippery used for Apple Pay, as well as the MiFARE chips used in transportation access systems including the UK&#8217;s TfL, the Netherlands&#8217; OV-chipkaart, Canada&#8217;s Presto and Moscow&#8217;s Metro.<\/p>\n<p>Semiconductor designer NXP, the second biggest chip player in the Europe after fellow ex-Philips stablemate ASML, told NRC (translated from the Dutch): &#8220;As stated in our 2019 annual report, we discovered that some of our IT systems appeared to be compromised. After a thorough investigation, we determined that this did not result in material damage to our business operations. At NXP we take data security very seriously. We have learned from this experience and are prioritizing improving the protection of our IT systems to ward off cyber threats.&#8221;<\/p>\n<h3 class=\"crosshead\">Justin Sun&#8217;s bad month got much worse this week<\/h3>\n<p>After having his Poloniex exchange attacked and drained of circa $120 million <a href=\"https:\/\/www.theregister.com\/2023\/11\/10\/justin_sun_poloniex_reward\/\">earlier this month<\/a>, two additional crypto projects linked to the investor have been attacked this week with losses estimated to be in the region of a further $130 million.&nbsp;<\/p>\n<p>The HTX exchange was drained of $30 million worth of assets, CNBC <a href=\"https:\/\/www.cnbc.com\/2023\/11\/23\/htx-heco-chain-crypto-hack-115-million-stolen-so-far.html\" rel=\"nofollow\">reported<\/a>, as well as Heco Chain ransacked for $84.5 million \u2013 most of which being stablecoins (cryptocurrencies tied to fiat currencies).<\/p>\n<p>Also succumbing to an attack this week was crypto investment house Kronos Research, leading to a total loss of $26 million in crypto assets, it said.<\/p>\n<p>The incident involved an unidentified (for now) third party accessing its API keys. Despite the sizeable theft, the company reassured that the losses wouldn&#8217;t materially impact the company or its partners, and that internal funds would cover the losses.<\/p>\n<p>&#8220;We&#8217;re prioritizing our resources to resume servicing the exchanges and token projects we provide liquidity for,&#8221; it <a href=\"https:\/\/twitter.com\/ResearchKronos\/status\/1726203102842466650\" rel=\"nofollow\">said<\/a> via X. &#8220;This is the first time since 2018 we&#8217;ve halted trading, and we are confident we will bounce back stronger than ever.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35231\/Leader-Of-Killnet-Crew-Unmasked-By-Russian-State-Media.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9909],"class_list":["post-54694","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentrussiadenial-of-servicecyberwar"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Leader Of Killnet Crew Unmasked By Russian State Media 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Leader Of Killnet Crew Unmasked By Russian State Media 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-27T16:14:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Leader Of Killnet Crew Unmasked By Russian State Media\",\"datePublished\":\"2023-11-27T16:14:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/\"},\"wordCount\":1277,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,hacker,government,russia,denial of service,cyberwar\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/\",\"name\":\"Leader Of Killnet Crew Unmasked By Russian State Media 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2023-11-27T16:14:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/leader-of-killnet-crew-unmasked-by-russian-state-media\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,russia,denial of service,cyberwar\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentrussiadenial-of-servicecyberwar\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Leader Of Killnet Crew Unmasked By Russian State Media\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Leader Of Killnet Crew Unmasked By Russian State Media 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/","og_locale":"en_US","og_type":"article","og_title":"Leader Of Killnet Crew Unmasked By Russian State Media 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-11-27T16:14:00+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Leader Of Killnet Crew Unmasked By Russian State Media","datePublished":"2023-11-27T16:14:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/"},"wordCount":1277,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","keywords":["headline,hacker,government,russia,denial of service,cyberwar"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/","url":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/","name":"Leader Of Killnet Crew Unmasked By Russian State Media 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-11-27T16:14:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZWVTl4W7ZtDGDXJywIGBHAAAAA0&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/leader-of-killnet-crew-unmasked-by-russian-state-media\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,russia,denial of service,cyberwar","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentrussiadenial-of-servicecyberwar\/"},{"@type":"ListItem","position":3,"name":"Leader Of Killnet Crew Unmasked By Russian State Media"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54694"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54694\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}