Hacking marketplace emerges from Killnet partnership, seeks pro-Russia donations

A partnership between Killnet and Deanon Club known as Infinity Team recently established its own forum and marketplace, which is currently offering a range of hacking services and resources — including DDoS services, according to a new Radware alert.

Killnet is a pro-Russian hacktivist group with unconfirmed ties to official Russian government organizations like the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR). 

The advisory joins multiple alerts on the ongoing threat of DDoS attacks and DDoS-as-a-service offerings targeting the critical infrastructure of NATO-backed countries, including more than 48 U.S. health systems in a recent Killnet DDoS campaign.

The latest forum expansion aims to build on these past successes.

Daniel Smith, head of research for Radware’s threat intelligence division, told SC Media that KillMilk, the leader of Killnet, along with Anonymous Russia and several other pro-Russian hacktivist groups, have all listed their crypto wallets on the Infinity Forum.

Group leaders have been “asking for donations from devout followers,” said Smith. “When examining one of the Bitcoin wallets that belongs to KillMilk, it becomes apparent the threat actors received a considerable amount of donations: $24,950 (1.06 BTC) on Jan. 30, to be exact.”

Infinity offers cybercriminals advertisement spaces and paid status for business memberships found on the internet and darknet, aiming to be a place where “individuals, ethical and malicious, gather to discuss vulnerabilities, exploits, and other tools used for hacking.”

These forums support the advertising of illegal goods and services for funding purposes and offer stolen data like credit card information, laundering services or drugs. Radware researchers warned that the “advertisements aim to attract potential customers who are looking for illegal services and are willing to pay for them.”

“The information and knowledge gained from these forums can be valuable and used for various purposes, including improving one's security posture or engaging in illegal activities,” according to the alert. “At the moment, Infinity has one customer, Dark Swap, a cryptocurrency laundering service, but it is looking for more customers.”

The forum is currently offering advertising packages between $250 and $1,000 a month, a “tested services” option for $400 a month, and message broadcasting to the whole forum for $300 per message, as well as other similarly priced services. The forum also provides licenses for potential entrepreneurs between $299 and $1,500 a month.

The actors behind Infinity Forum allow other cybercriminals to sell goods and services for either the cost of advertising or giving the actors a cut of transactions. Radware researchers warned that “such forums often cater to a specific niche or audience, like individuals looking to purchase illegal drugs or hacking services and DDoS attacks.”

Infinity is even offering paid tutorials and courses for would-be criminals: In one instance, active members shared “not only tips and tricks for launching denial-of-service attacks but also scripts, attack tools, and information related to their attacks.”

As Smith sees it: “If Infinity Forum becomes successful, it will produce a windfall of profits for the pro-Russian hacktivist threat groups.”

The domain was registered on Dec. 26 via NameCheap, and already has attracted a notable number of registered users, including pro-Russian threat groups like Anonymous Russia, BEAR.IT.ARMY, Akur Group, SARD, and National Hackers of Russia.

The forum joins multiple online communities, including the pro-Russian hacker forums known as Exploit and XSS.

“The creation of the Infinity Forum highlights a growing and evolving threat from pro-Russian hacktivists,” according to the alert. “They can also generate millions of dollars a year for the owners if run successfully.”

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.
