Cyber operations against NATO’s aid mission in Turkey and Syria (2023): Difference between revisions
Jump to navigation
Jump to search
Content added Content deleted
(proofreading, minor edits) |
mNo edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{| class="wikitable" |
{| class="wikitable" |
||
! scope="row"|Date |
! scope="row"|Date |
||
| |
|12 February 2023.<ref name=":0">J Kilner and D Milward, "[https://www.telegraph.co.uk/world-news/2023/02/12/russian-killnet-hackers-disrupt-natos-turkey-syria-earthquake/ Russian hackers disrupt Turkey-Syria earthquake relief]" 12 February 2023, ''The Telegraph''</ref> The cyber operations took place in the aftermath of a massive earthquake, which happened on 6 February 2023 and affected Turkey and Syria.<ref>Center for Disaster Philantrophy, "[https://disasterphilanthropy.org/disasters/2023-turkey-syria-earthquake 2023 Turkey-Syria Earthquake]" 22 September 2023</ref> In response, many states and organizations provided support and aid to the affected areas. |
||
|- |
|- |
||
! scope="row"|Suspected actor |
! scope="row"|Suspected actor |
||
|KillNet, a hacktivist group suspected to be connected to Russia. Its focus mirrors the objectives of Russia although no direct link to the Russian institutions has been uncovered.<ref>Mandiant, "[https://www.mandiant.com/resources/blog/killnet-new-capabilities-older-tactics KillNet Showcases New Capabilities While Repeating Older Tactics]" 20 July 2023</ref> The supposed founder of the KillNet group (KillMilk) |
|KillNet, a hacktivist group suspected to be connected to Russia. Its focus allegedly mirrors the objectives of Russia although no direct link to the Russian institutions has been uncovered.<ref>Mandiant, "[https://www.mandiant.com/resources/blog/killnet-new-capabilities-older-tactics KillNet Showcases New Capabilities While Repeating Older Tactics]" 20 July 2023</ref> The supposed founder of the KillNet group (KillMilk) posted a message about the start of the attack on one of the Telegram channels used by the group.<ref name=":1">R Daws, "[https://www.telecomstechnews.com/news/2023/feb/13/russian-hackers-disrupt-nato-comms-earthquake-relief/ Russian hackers disrupt NATO comms used for earthquake relief]" 13 February 2023, ''Telecoms Tech News''</ref> |
||
|- |
|- |
||
! scope="row"|Target |
! scope="row"|Target |
||
|NATO and the Strategic Airlift Capability (SAC)<ref>"[https://www.sacprogram.org/about-us The Strategic Airlift Capability]"</ref> |
|The apparent targets included NATO and the Strategic Airlift Capability (SAC)<ref>"[https://www.sacprogram.org/about-us The Strategic Airlift Capability]"</ref>, a multinational initiative to provide airlift capability for humanitarian or military support. It is closely tied to NATO through the NATO Airlift Management Programme, which is a legal entity under which SAC operates, and which is a part of the NATO Support and Procurement Agency (NSPA).<ref>"[https://www.sacprogram.org/about-us/namp NATO Airlift Management Programme Office]" </ref> NSPA´s webpage was one of the targeted sites.<ref name=":1" /> |
||
|- |
|- |
||
!Targeted Systems |
!Targeted Systems |
||
Line 13: | Line 13: | ||
|- |
|- |
||
! scope="row" |Method |
! scope="row" |Method |
||
|Series of coordinated DDoS (distributed denial-of-service) attacks. It was announced as an "attack on all NATO units".<ref name=":1" /> |
|Series of coordinated [[Glossary#DDoS|DDoS (distributed denial-of-service) attacks]]. It was announced as an "attack on all NATO units".<ref name=":1" /> |
||
|- |
|- |
||
! scope="row" |Purpose |
! scope="row" |Purpose |
||
|Not stated publicly but the attack was in accord with ongoing general focus of KillNet on governments and organizations |
|Not stated publicly but the attack was in accord with ongoing general focus of KillNet on governments and organizations supporting Ukraine during the ongoing Russia-Ukraine international armed conflict.<ref>C Warner, "[https://warnerchad.medium.com/killnet-who-what-where-why-how-971eee52a7c5 KillNet: Who, What, Where, Why, How]" 12 October 2022, ''Medium''</ref> Some cyber experts are of the opinion that the purpose was specifically to disrupt the ongoing humanitarian efforts in Turkey and Syria.<ref name=":1" /> |
||
|- |
|- |
||
! scope="row" |Result |
! scope="row" |Result |
||
|It was reported that because of the attack NATO |
|It was reported that because of the attack NATO's NR network faced issues. This network is supposed to be used to transfer sensitive data. This supposedly affected the communication between the SAC and one of the aircraft but its crew was informed of it by other means so some sort of contact with the aircraft was still possible.<ref name=":0" /> No damage to the aircraft was reported. |
||
|- |
|- |
||
! scope="row" |Aftermath |
! scope="row" |Aftermath |
||
Line 26: | Line 26: | ||
! scope="row" |Analysed in |
! scope="row" |Analysed in |
||
|[[Scenario 13: Cyber operations as a trigger of the law of armed conflict]] |
|[[Scenario 13: Cyber operations as a trigger of the law of armed conflict]] |
||
[[Scenario 25: Cyber disruption of humanitarian assistance]] |
|||
[[Scenario 28: Extraterritorial incidental civilian cyber harm]] |
[[Scenario 28: Extraterritorial incidental civilian cyber harm]] |
||
|} |
|} |
Latest revision as of 16:26, 13 November 2023
Date | 12 February 2023.[1] The cyber operations took place in the aftermath of a massive earthquake, which happened on 6 February 2023 and affected Turkey and Syria.[2] In response, many states and organizations provided support and aid to the affected areas. |
---|---|
Suspected actor | KillNet, a hacktivist group suspected to be connected to Russia. Its focus allegedly mirrors the objectives of Russia although no direct link to the Russian institutions has been uncovered.[3] The supposed founder of the KillNet group (KillMilk) posted a message about the start of the attack on one of the Telegram channels used by the group.[4] |
Target | The apparent targets included NATO and the Strategic Airlift Capability (SAC)[5], a multinational initiative to provide airlift capability for humanitarian or military support. It is closely tied to NATO through the NATO Airlift Management Programme, which is a legal entity under which SAC operates, and which is a part of the NATO Support and Procurement Agency (NSPA).[6] NSPA´s webpage was one of the targeted sites.[4] |
Targeted Systems | Various NATO websites. Disruption of one of them resulted in the SAC losing contact with one of the planes whilst it was in flight.[7] |
Method | Series of coordinated DDoS (distributed denial-of-service) attacks. It was announced as an "attack on all NATO units".[4] |
Purpose | Not stated publicly but the attack was in accord with ongoing general focus of KillNet on governments and organizations supporting Ukraine during the ongoing Russia-Ukraine international armed conflict.[8] Some cyber experts are of the opinion that the purpose was specifically to disrupt the ongoing humanitarian efforts in Turkey and Syria.[4] |
Result | It was reported that because of the attack NATO's NR network faced issues. This network is supposed to be used to transfer sensitive data. This supposedly affected the communication between the SAC and one of the aircraft but its crew was informed of it by other means so some sort of contact with the aircraft was still possible.[1] No damage to the aircraft was reported. |
Aftermath | Nothing to note. It was reported that the NATO cyber experts were actively addressing the incident and two days later the secretary general of NATO remarked that some websites still experienced availability issues.[9] |
Analysed in | Scenario 13: Cyber operations as a trigger of the law of armed conflict
Scenario 25: Cyber disruption of humanitarian assistance Scenario 28: Extraterritorial incidental civilian cyber harm |
Collected by: Otakar Horák
- ↑ 1.0 1.1 J Kilner and D Milward, "Russian hackers disrupt Turkey-Syria earthquake relief" 12 February 2023, The Telegraph
- ↑ Center for Disaster Philantrophy, "2023 Turkey-Syria Earthquake" 22 September 2023
- ↑ Mandiant, "KillNet Showcases New Capabilities While Repeating Older Tactics" 20 July 2023
- ↑ 4.0 4.1 4.2 4.3 R Daws, "Russian hackers disrupt NATO comms used for earthquake relief" 13 February 2023, Telecoms Tech News
- ↑ "The Strategic Airlift Capability"
- ↑ "NATO Airlift Management Programme Office"
- ↑ K Plummer, "Russian hackers ‘disrupt Turkey-Syria earthquake aid’ in cyber attack on Nato" 13 February 2023, The Independent
- ↑ C Warner, "KillNet: Who, What, Where, Why, How" 12 October 2022, Medium
- ↑ A Scroxton, "Killnet DDoS attacks disrupt Nato websites" 13 February 2023, ComputerWeekly