Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

Russian-linked hackers have claimed to have disrupted the infrastructure of Italy’s State Police anti-cyber crime arm after it thwarted hacking attempts on the Eurovision Song Contest.

Hackers from the Killnet group announced in the early hours of Monday morning that claims made by Italian State Police referred to the disruption of cyber attacks over the weekend were false.

In the same announcement, Killnet also “declared war” on 10 countries, including the “deceitful police of Italy”, and appeared to mock the authority, claiming Killnet was responsible for the seemingly offline website of the police’s cyber department.

The website of Italy’s anti-cyber crime organisation, Cnaipic, was involved in the prevention of Russian-linked hacking attempts on the Eurovision song contest’s voting systems, Italian State Police said, and at the time of writing, its website also appears to be down.

Cnaipic assigned officers to work 24 hours a day in a unit dedicated to protecting Eurovision’s infrastructure which was ultimately attacked by the Russian-linked Killnet and Legion hacking groups.

Italian State Police confirmed its response on Sunday, saying they were able to “neutralise and repel the attacks”.

“Various computer attacks of a DDoS were nature directed at network infrastructure during the voting operations and the singing performance were mitigated in collaboration with the ICT Rai and Eurovision TV management,” said the State Police, as reported by ANSA. “Identified by the Cnaipic of the Postal Police, numerous 'PC-zombies' were used for the cyber attack.”

This year’s Eurovision Song Contest was held in Turin, Italy and saw Kalush Orchestra from Ukraine was crowned the champion after many predicted the country to win following Russia’s invasion.

Authorities said the distributed denial of service (DDoS) attacks were prevented during the competition’s grand final and during the final voting stages.

State Police also said they scoured the hacking groups’ associated Telegram channels to glean intelligence that led to the prevention of other incidents and the identification of the hackers’ location.

Sustained Killnet attacks

Days before the Eurovision Song Contest, Italian authorities reported, via ANSA, that the same Killnet hackers had targeted the websites of the Italian National Health Institute and Automobile Club d'Italia, a national drivers' association.

The Italian senate’s website was also targeted in the attack which saw hackers take down web pages for roughly an hour.

Italian senate speaker Elisabetta Casellati said via Twitter that no damage was sustained from the attack on the senate.

“Thanks to the technicians for the immediate intervention,” she said. “These are serious episodes, which should not be underestimated. We will continue to keep our guard up.”

Killnet has been a group on the watchlist of international cyber crime authorities for some time, with the Five Eyes intelligence alliance previously releasing a joint cyber security advisory naming Killnet as one of the biggest threats to critical infrastructure.

Among other recent attacks, the alliance pointed to a March DDoS attack on Bradley International Airport in Connecticut as previous work carried out by the group which has also released a video pledging support for Russia.