Abstract
KillNet, a pro-Russian hacktivist collective, conducted sustained distributed-denial-of-service (DDoS) campaigns across 2022-2023 that disrupted government, transportation, and critical-infrastructure services in multiple countries aligned with Ukraine. This case-study review synthesizes open-source reporting and institutional advisories to examine KillNet’s targeting, tradecraft, and effects, with a focal vignette on Lithuania’s energy sector. Findings show that while DDoS attacks rarely cause physical destruction, they can degrade grid telemetry, force manual contingencies, and delay incident response, thereby amplifying operational risk in smart-grid environments and driving significant defensive expenditures. Beyond technical impacts, recurrent disruptions erode public trust and can catalyze political instability. Attribution remains challenging given the group’s decentralized structure, botnet-enabled scale, tool reuse, and false-flag tactics. International responses coalesced around Five Eyes and EU guidance, public-private information sharing, and adoption of zero-trust and traffic-scrubbing controls. The paper concludes that countering KillNet-like actors requires coordinated standards, AI-enabled detection and attribution research, and resilience-by-design in Critical infrastructure.