Pro-Russian hacktivist group Killnet is facing increased scrutiny this week after a news site revealed the identity of its leader.
Known online as Killmilk, he rose to fame during Russia’s war in Ukraine for representing a politically motivated hacker collective. He is actually a 30-year-old Russian citizen named Nikolai Serafimov, according to a report published Tuesday by Russia-based Gazeta.ru.
Recorded Future News was unable to independently verify the reports. Killnet, who actively promotes itself sometimes did not respond to a request for comment.
According to data obtained by Gazeta.ru from other hacktivists and a law enforcement source, Serafimov is married, owns Porsche and BMW cars and has previously been convicted of drug distribution.
As of Wednesday, neither Killmilk nor Killnet had issued public comments on the report.
Gazeta.ru – run by a media subsidiary of Russian state-owned bank Sberbank – did not explain what triggered its report. Killmilk apparently thought he was being doxxed by a rival or opponent. At one point he asked Gazeta.ru to reveal who leaked the information, but the news site said he refused. The hacker then ended communications and deleted the chat, Gazeta.ru said.
Killnet has claimed responsibility for distributed denial-of-service (DDoS) attacks against healthcare facilities in Western countries and against the websites of US and European government agencies.
According to Pascal Geenens, director of cyber threat intelligence at the cybersecurity company Radware, the profile of the person described in the press article is “endowed with a gift of persuasion and good skills in social engineering, capable of building a brand around him, less technical and unsophisticated in the areas. in terms of his attacking abilities” – matches his thoughts on Killmilk.
If the Gazeta.ru report is true, Killmilk should “expect the unexpected” and its productivity will likely decline, according to Dmitry Smilyanets, director of product management at Recorded Future, the cybersecurity company that is the parent company from Recorded Future News.
Local law enforcement “will always have something on him and can lock him up at any time for many different reasons,” Smilyanets said. And when the war is over and relations between the United States and Russia are restored, “all named hackers will be on the table for peace negotiations,” he added.
Even before Tuesday’s announcement, Killnet’s operations recently seemed at a crossroads. After launching several campaigns last year, the group has shown a decline in activity in recent months, likely a sign of internal division, researchers say.
“Killmilk will not be able to continue operating with its identity revealed,” Geenens said.
Anti-Killmilk Coalition
More than a dozen hackers and hacktivists have publicly spoken out against Killnet and its leader, according to Gazeta.ru. Although he positioned himself as an influential patriotic hero, Killmilk turned out to be an average hacker with a questionable reputation among his peers, according to researchers.
“His actions are bizarre and unprofessional. He created noise and chaos,” Smilianets said.
Killmilk often falsely took credit for operations carried out by other hacking groups or lied about cyberattacks that never happened, researchers said. There is no indication that he is moving toward ambitious goals such as turning Killnet into a private military hacking company or training an army of skilled hackers as part of his “Dark School” initiative. It also owes people money, cheats its own customers and rarely keeps its promises, according to Russian hacktivists.
At first, this eccentricity helped Killmilk attract supporters in Russia. Killmilk’s former associates told Gazeta.ru that he was “a good brand builder – he knows how to create information products and sell them.” However, some Russian hackers claimed that his actions were “harmful to the entire Russian hacktivist community.”
“A lot of people are tired of Killmilk. Behind the scenes, a significant part of the pro-Russian groups are against him,” a hacktivist from the pro-Russian group NET-WORKER told Gazeta.ru.
For a long time, Russian hackers were afraid to take on Killmilk because he has a reputation for revealing the real names of his adversaries. For example, he doxxed the head of Russia Anonymous – an 18-year-old Belarusian citizen who went by the nickname Raty. It was stopped in Belarus earlier this year.
If Killmilk’s cover is officially revealed, Killnet will likely need a new leader soon, the researchers said. In such situations, underground hacker groups sometimes simply disappear and their members reappear elsewhere.
“Killnet is very closely associated with the ideas and voice of Killmilk,” Geenens said. “This could mean the end of an era and the most influential pro-Russian hacktivist group. But whenever a void is created, we can expect it to be filled very quickly by another person or group.
Future saved
Intelligence cloud.
No previous articles
No new articles
Daryna Antoniuk is a freelance journalist for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe, and the state of the Ukraine-Russia cyberwar. She was previously a tech journalist for Forbes Ukraine. His work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.