Japan’s government says it is investigating whether Russian hackers Killnet are behind a distributed denial of service (DDoS) cyberattack which crippled 20 government websites. Killnet has form for launching such attacks against countries which have supported Ukraine in its war with Russia, having targeted governments around the world in recent months.

The Japanese government has been hit by a cyberattack. (Photo by Luciano Mortula/Shutterstock)

Killnet has claimed responsibility for the attack, which impacted sites spread across four government departments on Tuesday. The government says most services are now restored, though a tweet from Japan’s digital agency this morning said problems remain in accessing e-Gov, an administrative portal used by citizens.

The portal was reportedly one of the websites hit in the attack.

Is Killnet behind the Japan cyberattack?

The attack began at 4.30pm Japanese time, and at around the same time, the hacking group Killnet posted a message on its Telegram channel claiming it was behind the assault.

Killnet said it was revolting against Tokyo’s “militarism,” and that it was “kicking the samurai”.

Japan’s chief cabinet secretary Hirokazu Matsuno said that the Japanese National Center of Incident Readiness and Strategy for Cybersecurity was launching a full investigation into the incident.

“We are aware that the (Killnet) hacker group suggested it was behind the attacks, but at the moment we are still investigating the cause of the failures, including the group’s involvement,” he told Reuters.

Who is Killnet?

Killnet is a cybercrime group known to be sympathetic to Russia. It emerged earlier in the year as a DDoS-as-a-service tool, allowing customers to rent botnet access for $1,350 a month, according to researchers at cybersecurity vendor Recorded Future.

Since the start of the war in Ukraine, the group has thrown its weight behind hacktivist activities in support of Vladimir Putin’s government, launching DDoS attacks on countries supporting Ukraine, going as far as to “declare war” on ten countries, including the UK, which were sanctioning Russia.

In June it claimed a DDoS attack on government infrastructure in Lithuania, and the following month it struck again, this time targeting Lithuanian energy company Ignitis. Earlier in the year, it had conducted a similar offensive against Romanian government websites.

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit NSMG.live.

Read more: LockBit ransomware group hit with DDoS attack after Entrust breach