Italy has plunged into long-awaited cyber warfare with hacker attacks that have ravaged the government sites of the Defense Ministry, which has denied it, ACI, Iss and many others. Igniting the public debate has been the authorship of the attack. According to many, there is a difference between KillNet and Legion, but the editorial staff contacted them to better understand who are those who have destabilized the certainties about the cyber resilience of an advanced country like Italy.

The interview was conducted in Russian and we apologize for any smears in the translation and anticipate that it was not possible to counter their statements for technical reasons due to the Telegram platform.

Beyond the ideals expressed,

on which the editorial staff firmly distances itself because it condemns all warfare

let us find out who they are, how they are structured, whether they are linked to Russian intelligence, and whether they will continue to do damage in Italy or elsewhere.

Meanwhile, the indiscretion given by Digital Matrix about the attacks on the media was confirmed by Legion itself with an ironic comment on its Twitter profile “It’s Biden.”

Exclusive: Italian media under attack by Legion and KillNet “boys”

What is the difference between Killnet and Legion? You say you are different, but on Telegram you are connected.

I am the founder of Killnet, I am the founder of Legion. I created it, but I don’t want to control it. We are training thousands of people ready to fight NATO in the future. When Legion is formed and has its own management system, I will leave them without my supervision.

When was Killnet born and what is its purpose?

KILLNET was born in 2021. From the beginning, we provided DDOS services for competing companies. When the war broke out, we shut down the service and converted to actions related to the extension of the Russian national Internet.

When was Legion born and what is it for?

Legion’s purpose is the destruction of NATO.

Legion is an Indian collective known to be anti-Russian, do you have ties with them or are you a different group?

Legion is not a collective, but a special unit. We can call it a battalion that includes 5 special forces units. 4 of them have a DDoS attack specification. 1 Squad is the Hacking Squad. As I mentioned earlier, the Legion is a branch of the KILLNET.

The United States does not recognize you as an entity associated with Russian intelligence. Are you a financially motivated group, individual activists or guys who like to create “big” damage around here?

I am an ordinary person from Russia. In all the time we have been working, not one person from Russia has offered us financial help. As for government agencies, it’s silly to think we have anything to do with them. We are not children. We have a high age profile, but we are not looking for adventures for fun. We are creating damage to those countries that are motivating this war. We will fight the war as we know how to fight those who help the Nazis in Ukraine. If the United States thinks we are children, I tell you that I have sent the United States to that country. We are preparing a big surprise for them.

According to some research done, it seems that you are using a DDoS service similar to the Mirai botnet, according to some reports it is Mirai. What is true about these two reflections?

First of all, those who research our attacks are idiots and clowns. The Mirai botnet and the Mirai Squad are the same thing. But it is a Squad of 5, Killnet is not part of these squads. What kind of power supply does KILLNET use? This question will be answered by 500,000 computers in the United States.

Is DdoS the only thing you know how to do?

We are currently developing the IT infrastructure of our movement. Our expertise is not limited to ddos attacks. It is the simplest. My favorite action against enemies are cryptolockers, injections and more. We currently have over 30 types of specifications.

How difficult was it to get into Italy? What were the goals of the country you applied for and what were not?

There is no difficulty in entering any country. There is a difficulty only in understanding the state’s attitude toward Nazism. That is why we do research. If you mean “Does Italy have good protection for its servers?” no, it does not. Your network infrastructure has huge gaps. If we wanted to attack your ISPs, the Internet would simply cease to exist. But we are not vandals and we are not against ordinary people. We are against the Nazi government!

Do you support Russian propaganda? If yes, why?

I love my country! My country has no propaganda, my country has only one goal: to destroy the Nazis in Ukraine. Your countries are full of US propaganda. They are your real enemies, but not Russia. You will understand this soon!

How do you regard the choice of Anonymous in taking the field in favor of Ukraine?

I do not consider it an enemy. Those who claim to be Anonymous and speak against the Russian people are not real hacks. They are clearly propagandists from Ukraine. Anonymous will never in its life support the U.S. government. Anonymous will never threaten people.

Un aggressore ha violato il profilo Instagram e il sito di Bored Ape Yacht Club Discord ed ha truffato circa 3 milioni di dollari in token non fungibili.

L’hacker ha pubblicato un falso link “mint“, che da allora è stato rimosso, invitando gli utenti a collegare i loro portafogli digitali per un airdrop di token. Ma chiunque abbia cliccato su di esso ha permesso all’hacker di ottenere l’accesso ai loro portafogli.

Bored Ape ha confermato l’hack in un tweet, avvertendo gli utenti di non cliccare alcun link su Instagram o collegare i portafogli digitali.

Un popolare crypto influencer Zachxbt ha detto a Insider che 91 NFT – tra cui quattro Bored Apes e sette Mutant Apes – del valore di circa 2,9 milioni di dollari sono stati rubati.

Mentre l’exploit include dozzine di NFT di alto valore, Zachxbt ha detto a Insider che il loro valore è di circa 2,9 milioni di dollari perché gli hacker spesso vendono gli NFT truffati al di sotto del loro prezzo base.

L’hack segue altri recenti crimini di asset digitali, tra cui un hack separato di Bored Ape Discord all’inizio di aprile, così come lo storico attacco Axie Infinity, che ha visto 600 milioni di dollari in token drenati dalla piattaforma.

I cyberattacchi DDos contro i siti web statali estoni sono continuati venerdì dopo essersi fermati temporaneamente giovedì sera, secondo quanto riferito dall’Autorità del sistema informativo statale (RIA). Il loro impatto finora è stato “modesto“.

“Venerdì, non hanno avuto un grande impatto sugli utenti“, ha detto Tõnu Tammer, capo del dipartimento di gestione degli incidenti informatici della RIA (CERT-EE).

“Ci sono state situazioni in cui un sito web sotto attacco non era disponibile per un breve periodo. Quando abbiamo visto qualcosa del genere, abbiamo fatto correzioni tecniche il più presto possibile per fermare l’attacco. Finora, l’impatto sulle persone è stato molto piccolo“, ha detto Tammer, aggiungendo che RIA sta lavorando con i suoi partner per mantenerlo così.

Quasi 700 milioni di richieste malevole sono state fatte ai siti web estoni tra venerdì mattina e mezzogiorno, per lo più da fuori Europa, come mostrano i dati preliminari.

“Possiamo indovinare chi potrebbe essere dietro gli attacchi, ma non è saggio condividere informazioni non verificate. Menzionare un gruppo dà loro anche l’attenzione che in realtà non meritano“, ha detto Tammer.

I siti web presi di mira finora includono il presidente (president.ee), il Ministero degli Affari Esteri (vm.ee), il Consiglio di Polizia e Guardia di Frontiera (politsei.ee), il portale digitale dei servizi statali (eesti.ee), la pagina informativa sulla carta d’identità (id.ee), il Centro di Eccellenza della NATO per la Cyber Difesa (ccdcoe.org), la compagnia ferroviaria statale Elron (elron.ee) e tallinn-airport.ee.

Gli attacchi iniziali sono iniziati alle 16.00 di giovedì con l’obiettivo di sovraccaricare i siti web e hanno temporaneamente fermato gli utenti dall’accesso ad alcuni siti web statali. Si sono fermati alle 23, ma poi sono ricominciati durante la notte.

RIA ritiene che possano essere stati programmati per coincidere con l’esercizio di difesa informatica Locked Shields che si è concluso da pochi giorni.