Killnet Targeting the Western Financial System 

If you’re currently under attack, please contact us via the “Under Attack” button on our website.

If you’re not a customer and want to talk to our Cyber Threat Intelligence Team or to get protection for your online presence, get in touch with us via the “Speak to Sales” button on our website.

On June 14, the Killnet Group issued a chilling threat via a video posted to their Telegram channel. The notorious hacktivist group, contrary to its previous statements about disbanding, said that it is teaming up with two additional threat actors, Anonymous Sudan and REvil, to launch a “destructive” attack against the Western banking system within 48 hours. The planned attack aims to target European banks as well as SWIFT, IBAN, and other money transfer systems.

“We are calling up all active groups for destructive operations against the European.”

At Vercara, we’ve been closely monitoring the activities of Killnet and their associated groups, like Anonymous Sudan, since their inception. But the involvement of REvil – a notorious ransomware group that doesn’t have a track record around DDoS attacks – is certainly interesting, as there has been no known association between the groups previously. It also denotes a change in tactics and capabilities. 

REvil is a Ransomware-as-a-Service group that operated within Eastern Europe from when it first came onto the scene in April 2019 until it was shut down by a multinational law enforcement action in January 2022. Six months later, the group resurfaced and resumed operations in an effort to re-establish itself as a threat actor. It is known for double extortion: stealing data and then encrypting targeted systems, then demanding a significant payment both for the unlock code and for not leaking or selling the stolen data. Some of REvil’s tactics, techniques, and procedures (TTPs) include using infostealer logs, RDPBrute, ADFind, Mimikatz, WinPEAS, Cobalt Strike, and PowerShell scripts.

“The reason for this: money.”

To protect our customers more effectively, we monitor a wide variety of threats and their capabilities. We have a good understanding of the tactics they typically use for attacks and have adjusted our defenses in the wake of this threat to ensure Vercara customers are protected. Our SOC and support teams manage attacks on a daily basis. They are maintaining a heightened awareness during this time and are ready to provide any support our customers require.  

Translation: Today we announce a direct threat to all European banks.

If you’re concerned about this threat and how it may impact your organization, there are several measures you should take:  

  • Test traffic diversion to our DDoS mitigation scrubber to validate internal processes and application performance.
  • Review and inventory protected assets to find outliers that need additional protection. 
  • Proactively begin mitigation if you believe that you are under imminent threat. 
  • Consider ‘Always On’ deployment for mitigation speed and ease. 
  • For malware and ransomware prevention, contact your account manager about Vercara’s filtering recursive solution, UltraDDR.  

We are advising all our customers to maintain a heightened sense of awareness, ensuring operations personnel are briefed on the threat and able to implement proper incident response processes. Additionally, customers who would like to review their configuration or the operational procedures that are in place should contact the SOC or reach out to their account manager. If you are under active attack and need help, please reach out. Our team is available 24/7 to assist with urgent remediation needs.  

Last Updated: March 19, 2024