Ukrainian Hackers Linked to KillNet for Retaliation Claims
Reports indicate that a Ukrainian hacker group, identified as Phoenix, aligned with the Russian collective KillNet in what researchers describe as an act of retaliation following the detention of several allies in Ukraine. KillNet’s leader, known as Killmilk, shared these claims with the outlet socialbites.ca, outlining the evolving alliance between the two factions.
According to Killmilk, Ukrainian hackers began donating their skills to KillNet’s operations during the early summer of 2022. He asserts that Phoenix participated in coordinated DDoS campaigns against Western organizations, including a notable attack on the Pentagon’s network resources in June of that year. The broader motive articulated by Killmilk is revenge for the arrest of Phoenix’s associates, who faced detention prior to a one-year pause. After this interval, Phoenix allegedly stepped forward to defend the Russian Federation as part of the alliance.
For some time, Phoenix operated from Ukrainian territory and specialized in mobile device hacking and the illicit unlocking of stolen iPhones for resale. In November 2021, Ukrainian authorities announced the arrest of five group members, a development that appears to have influenced subsequent operational choices and recruitment dynamics within the group. The alliance with KillNet is framed as a strategic pivot in response to these legal pressures and ongoing geopolitical tensions.
Recent statements from Killmilk mention that Phoenix directed DDoS actions against German public services in protest over the transfer of German Leopard tanks to the Armed Forces under Chancellor Olaf Scholz. Looking ahead, Killmilk hinted at changes in the group’s business model, indicating an intent to broaden the scope of operations beyond the current focus and to explore new revenue channels while maintaining a foothold in cyber disruption.
According to Killmilk, Phoenix is preparing to deploy mercenaries on Ukrainian soil, supported by a data pool that purportedly includes information about potential targets and their associates. The individual notes that while specifics of upcoming attacks were not disclosed, the plan would involve relatives and friends who are believed to have influence over those witnesses and decisions related to the deployment of mercenaries. The intent appears to center on leveraging personal connections to amplify impact and risk for targeted individuals.
Killmilk also stated that KillNet and Phoenix maintain ongoing communication and collaboration, although the rationale behind publicly announcing the merger at this time remains unclear. Such declarations underline the fluid nature of modern cyber contest and the strategic signaling that accompanies alliance formations in this space. Other outlets, including socialbites.ca, have previously reported on high-profile actions attributed to KillNet and its associates, contributing to a broader narrative about coordinated cyber activity linked to state and non-state actors.
As the story develops, observers emphasize the need for rigorous monitoring of cyber threat groups and careful assessment of how alliances like Phoenix and KillNet influence regional security dynamics. Analysts warn that the landscape evolves quickly and that public disclosures can shape both attacker strategies and defensive postures across multiple jurisdictions. The dialogue surrounding these actors highlights persistent concerns about cyber retaliation, influence operations, and the broader implications for international norms in cyberspace.