On Saturday, the Russian hacker group Killnet threatened hospitals and health institutions in a number of Western countries – including Norway.
Now Killnet claims that they have managed to shut down the websites of Norwegian hospitals – although this is not necessarily true:
– Health facilities in Norway and Germany are closed. We will not allow crap to be thrown at our fatherland, boast the Russian hackers. They link to a service that checks whether websites are accessible from different countries.
ON RAMS: “Medical institutions in Norway”, listed by Killnet. Photo: Screenshot, Telegram
On the service, it appears that requests for access to the Norwegian hospitals’ websites give an error message, but Norway is not among the countries the service tests from.
TV 2’s attempt from the media house’s Oslo office still gives access to all the threatened Norwegian hospitals’ websites at 14:40.
Threats against ten hospitals in Norway
On Saturday, Killnet updated the attack list on its Telegram account. The following Norwegian hospitals are mentioned as targets:
- A house
- Innlandet Hospital
- Brought to hospital
- Ringerike Hospital
- St. Olav’s Hospital
- Skien Hospital
- Stavanger University Hospital
- Tønsberg Hospital
- Haugesund private hospital
- The University Hospital in Northern Norway
TV 2 has been in contact with Norsk Helsenett, which is responsible for running the hospitals’ websites. They state just before 2pm on Saturday that they are investigating the matter, and as of now cannot answer whether they have noticed any unusual activity.
HOSPITAL: Akershus University Hospital (Ahus) is among the targets Killnet has identified. Photo: Nico Sollie / TV 2
The Killnet group is particularly known for carrying out so-called denial of service attacks (also known as DDOS attacks).
These involve sending a large number of requests to a server, which means that it does not have the capacity to respond to those who actually need to use the service. This could mean, for example, that the hospitals’ websites become unavailable.
In this way, the attacks create a lot of noise – but they rarely do any lasting damage. The aim of such attacks can therefore often be to create unrest and uncertainty.
UNN: – Creates more attention than damage
Information security officer Per Bruvold at UNN informs TV 2 that the hospital has not had any problems with the IT services on Saturday. They are familiar with the Russian threats.
– We have not noticed anything in that context. Experience from previous attempts by Killnet shows that they create more attention than harm, he says.
– We are increasing monitoring. We depend on IT, but healthcare can also be offered without it, Bruvold continues stoically.
Adviser Herman Hatløy Ringstad of the National Security Authority (NSM) writes to the news agency NTB that they are aware of messages on Telegram aimed at the health sector.
– NSM is in dialogue with relevant partners and follows the situation closely, he says.
Aim broadly
Hospitals in both the USA and several European countries are threatened on the same list: the Netherlands, Great Britain, Finland, Spain, Portugal, Germany and Poland.
Altogether, there are more than 100 different websites worldwide.
CYBER WARRIORS: Images taken from the pro-Russian hacker group “Killnet”‘s Twitter/Telegram account. Photo: Ole Enes Ebbesen / TV 2
In June 2022, the same group carried out similar attacks against a number of important Norwegian businesses.
They have also previously carried out such attacks against actors in a number of other countries, including Italy, Germany, Japan, the USA and Georgia.
In August last year, the group’s founder “Killmilk” claimed that they were behind a major attack against the American arms manufacturer Lockheed Martin, and that this was intended as revenge for the USA sending HIMARS weapon systems to Ukraine.
Controls millions of machines
After the previous attack against Norway last summer, technology manager Erling Schackt at Check Point Software explained to TV 2 that the Killnet network controls approximately four and a half million machines on the internet – without the users themselves knowing about it.
– These are machines that are infected, where the user or owner is not aware of this. They use the machines to attack targets, such as Norwegian websites in this denial of service attack, he said at the time.
During such an attack, so many requests are sent to a service that it crashes.
