Pro-Russian group claims responsibility for Kentucky government website outages
A pro-Russian state hacker group claimed responsibility for widespread outages of Kentucky’s government websites Wednesday.
Multiple Kentucky state websites were unavailable Wednesday, greeting users instead with a 503 error, a sign that the website cannot communicate with the server it relies on. Other states saw similar website outages, including Colorado and Mississippi.
The pro-Kremlin hacker group Killnet claimed responsibility for the outages in a Wednesday morning post on the social media platform Telegram, as previously reported by CNN.
“USA OFFLINE,” the group’s Telegram post is headed, along with “F*CK NATO.” In Russian, the post lists a dozen states the group claims to have targeted, including Kentucky.
“Kentucky (breakdown of all online services),” the post reads.
In a statement emailed late Thursday afternoon, Kentucky Interactive General Manager Carlos Luna told WFPL News the disruption was caused by a distributed denial-of-service (DDoS) attack by “bad actors.”
DDoS attacks flood a site’s server with requests, overloading the server and blocking access for legitimate users.
“Our security team took action to limit the impact and restore services. At this time, Kentucky.gov websites hosted by Kentucky Interactive are online,” Luna’s statement reads.
Kentucky Interactive is a private company that runs the state’s online services.
Downed websites ranged from the Kentucky Board of Elections webpage to the Kentucky Department of Education website. Most were restored by the end of the day. Websites for Kentucky’s state courts were down part of Thursday as well.
Kentucky Interactive says it contacted the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA). A source in the FBI confirmed to WFPL News the agency is investigating but was not authorized to provide comment.
According to the Amsterdam-based cybersecurity firm EclecticIQ, Killnet hackers are “novice users with zero or limited experience,” and damage from Killnet attacks is usually temporary.
“Killnet possesses the resources to successfully conduct short-lived Distributed Denial of Service (DDoS) attacks but lacks the capabilities to execute attacks that impair network infrastructure for a longer period,” reads a blog post by EclecticIQ staff.
However, in the same post, authors argue that “successful DDoS attacks on government entities…would signal a change in technical capabilities.”
Kentucky Interactive spokesperson Kara Cowie said so far, the organization has “no evidence that any data has been compromised.”
This story has been updated.
Ryland Barton contributed to this report.