KillNet Claims DDoS Attack Against Royal Family Website

The royal takedown was a brief but effective PR stunt for Russia's most notorious hacktivist group.

2 Min Read
The British flag with the silhouette of the head of King Charles on top of it
Source: Ink Drop via Alamy Stock Photo

The official website of the UK royal family was subject to a distributed denial-of-service (DDoS) attack on the morning of Sunday, Oct. 1, thanks to pro-Russian hacktivists.

The resulting downtime for royal.uk began around 10 a.m. BST, and only lasted for around 90 minutes. As of this writing, though, visitors to the site are still being vetted by a Cloudflare security check prior to loading the homepage.

While the site was down, the Russian threat actor KillNet claimed responsibility. It was an "attack on pedophiles," the group's founder, Killmilk, called it in a Telegram post.

Security experts have not independently verified KillNet's attribution, though it wouldn't be the first time Killnet has scored a cheap media victory in the name of Russian nationalism.

KillNet's PR Stunts

"It is in line with their modus operandi," explains Eli Nussbaum, managing director at Conversant Group.

"Where we often think of Russian cyber threat actors as launching more destructive attacks like malware or ransomware," he explains KillNet has built a reputation for less damaging DoS and DDoS attacks, particularly against public and private organizations located in Ukraine and NATO member countries. "Their activities are designed to bring attention to their political cause (in this case, support for Russia in the Russia/Ukraine conflict), widen the battlefield, and likely shift popular support within Ukraine's allies."

Sunday's attack was a perfect case-in-point, coming just 10 days after King Charles appeared at the Palais du Luxembourg, home of the French senate, and condemned the Russian invasion of Ukraine. "Now, more than 80 years since we fought, side by side, for the liberation of Europe, we once again face unprovoked aggression on our continent," Charles said in a bilingual speech.

Defending Against DoS

In April, the UK National Cyber Security Center warned about Russian state-aligned threat actors causing havoc in Britain. "While the cyber activity of these groups often focuses on DDoS attacks, website defacements, and/or the spread of misinformation, some have stated a desire to achieve a more disruptive and destructive impact against western critical national infrastructure," it explained.

The ease with which a cybercrime outfit took down a premier government website in this case only further highlights the need for organizations to protect against such groups.

Besides general cyber protections, Nussbaum suggests, "defending against DDoS attacks requires protecting Domain Name Servers and the actual workloads (protocols and resources). Further, ensuring that systems are scalable to support amplified loads may mitigate the impact of an attack. Opting into DNS-based DDoS protection services is a good first step."

"DDoS attacks generally aren't as crippling as ransomware, but because the royal family is so highly visible, this activity has certainly made a statement. In part, that statement may be construed as a warning that no one is immune to their reach and power," he says.

About the Author

Nate Nelson, Contributing Writer

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights