Saturday, May 4, 2024

Govt Releases Advisory Regarding Russian Hacker Group

The federal government has issued an advisory addressing the activities of Russian hackers who are targeting Pakistan’s military and civil setups. The advisory provides crucial information about the actions of a Russian hacker group known as Kill Net and emphasizes the need for preventive measures to safeguard critical infrastructure.

Threat Overview

The advisory sheds light on the activities of Kill Net, an Advanced Persistent Threat (APT) group operating from the Kremlin in Russia. Since January 2022, Kill Net has gained notoriety for launching DDoS campaigns against the United States, Ukraine, NATO countries, and now Pakistan.

Attack Methods

Kill Net predominantly employs DDoS attacks and brute force dictionary attacks to disrupt vulnerable public-facing Critical Information Infrastructure (CII). Although the duration of their attacks is relatively short, the resulting consequences have caused significant embarrassment to affected nations on a global scale.

Recommended Preventive Measures

To counter the threats posed by Kill Net, the advisory puts forth the following proactive preventive measures:

Network Monitoring and Security

  1. Implement comprehensive network monitoring at the administrative level, including file hashes, locations, logins, and unsuccessful login attempts.
  2. Deploy reputable firewalls, Intrusion Prevention Systems (IPS)/Intrusion Detection Systems (IDS), and Security Information and Event Management (SIEM) solutions to enhance network security.

Access and Data Restrictions

  1. Restrict incoming traffic and user permissions to minimize potential vulnerabilities.
  2. Grant internet access on a need-to-use basis and enforce restrictions on data usage rights.
  3. Verify the digital code signatures of software and documents before downloading them.

Strengthen System Security

  1. Enforce Multi-Factor Authentication (MFA) for mailing systems, administrator controls, and critical infrastructure.
  2. Regularly back up critical data to mitigate the impact of potential losses.

Password Management and Updates

  1. Regularly rotate passwords at the administrator level to enhance security.
  2. Stay up to date with patches and updates for operating systems, applications, and technical equipment.

Advanced Firewall and Protection Measures

  1. Secure website domain hosting by acquiring Anti-DDoS services from reliable Internet Service Providers (ISPs).
  2. Deploy advanced firewalls, such as Next-Generation Firewalls (NGF), Web Application Firewalls (WAF), and Network-Based Firewalls, to fortify defense mechanisms.

Anomaly Detection and Traffic Filtering

  1. Enable round-the-clock SIEM and event logging to detect anomalies in internet usage and identify traffic spikes.
  2. Implement fragmentation and multi-content delivery networks to filter incoming traffic effectively.
  3. Conduct deep packet inspection to identify and block suspicious traffic.

Additional Preventive Measures

  1. Regularly update applications and reinforce IT equipment security to stay resilient against evolving threats.
  2. Emphasize the use of strong passwords and maintain regular data backups.
  3. Employ firewall or network-level blocking of all malicious domains, URLs, and document hashes, including those associated with the APT group Kill Net.

Conclusion

The federal government’s advisory underscores the critical need for proactive measures to safeguard Pakistan’s government institutions from the activities of Kill Net. By implementing the recommended preventive measures, Pakistan can bolster its cybersecurity defenses and effectively mitigate the risks posed by Russian hackers.

Ali Haider