"Killnet Releases 'Proof' of its Attack Against Lockheed Martin"
On August 1, Lockheed Martin was supposedly targeted with a DDoS attack delivered by the pro-Russian hacker group Killnet. Killnet also claimed to have stolen Lockheed Martin employee data and threatened to share that data. There has been no word from Lockheed Martin about the supposed attack beyond the company, saying that it is aware of the reports and they have policies and procedures in place to mitigate cyber threats to its business. The company also stated that they remain confident in the integrity of its robust, multi-layered information systems and data security. Killnet is a pro-Russia group that specializes in DoS and DDoS attacks. It is thought to have been formed in March 2022, and its primary motivation is retaliation against perceived enemies of Russia. Killnet is believed to be responsible for politically motivated attacks in Romania, Moldova, the Czech Republic, Italy, Lithuania, Norway, and Latvia. In late June 2022, it claimed responsibility for the attack against Lithuania, which it said was in retaliation for the restrictions imposed by Lithuania against Russia earlier in June. Lockheed Martin produced the high mobility artillery rocket system (HIMARS) provided by the US to Ukraine and used to significant effect against the invading Russian army. On August 11, 2022, Killnet reportedly shared a video on its Telegram group that claims to depict PII of Lockheed Martin employees. DDoS attacks are sometimes used to disguise and enable data exfiltration, so the claim is not beyond the bounds of plausibility. A threat intelligence analyst at Searchlight Security, Louise Ferrett, examined the video and stated that the video appears to be of Lockheed Martin employee names, email addresses, and phone numbers, with pictures of people, presumably the employees overlaid. Ferrett stated that cross-referencing a sample of the data, it does appear that they are or were genuine Lockheed employees. However, that does not necessarily confirm that the company was breached. Ferret stated that, for example, this could be a re-hash of old or open source data in an attempt to undermine the organization and intimidate its employees. Without a comment from Lockheed Martin or proof from Killnet, this is more likely to be a propaganda exercise from a pro-Russian hacking group than a successful attack against Lockheed Martin.
SecurityWeek reports: "Killnet Releases 'Proof' of its Attack Against Lockheed Martin"