Report claims to reveal identity of Russian hacktivist leader

Jason Macuray
The pro-Russia hacktivist group Killnet is under increased scrutiny this week after a news website appeared to reveal the identity of its leader.

The pro-Russia hacktivist group Killnet is under increased scrutiny this week after a news website appeared to reveal the identity of its leader.

Known online as Killmilk, he became famous during Russia’s war in Ukraine for representing a collective of politically motivated hackers. He’s actually a 30-year-old Russian citizen named Nikolai Serafimov, according to a report published Tuesday by Russia-based

Recorded Future News couldn’t independently verify the information. Killnet, which actively promotes itself at times, did not respond to a request for comment.

According to data obtained by from other hacktivists and a source in a law enforcement agency, Serafimov is married, owns Porsche and BMW cars, and was previously convicted of drug distribution.

As of Wednesday, neither Killmilk nor Killnet had posted public comments about the news report. — run by a media subsidiary of the Russian state-owned Sberbank — did not explain what initiated its reporting. Killmilk apparently thought he was being doxxed by a rival or adversary. At one point, he requested that disclose who leaked the information, but the news site said it refused. The hacker then ended communications and deleted the chat, said.

Killnet has claimed responsibility for distributed denial-of-service (DDoS) attacks against healthcare institutions in Western countries and the websites of U.S. and European government agencies.

According to Pascal Geenens, director of cyberthreat intelligence at cybersecurity company Radware, the profile of the person the news article describes — “with a gift of persuasion and good social engineering skills, being able to build a brand around himself, less technical and unsophisticated in terms of his attack capabilities” — aligns with how he thinks about Killmilk.

If the report is true, Killmilk should “expect the unexpected,” and his productivity likely will decrease, according to Dmitry Smilyanets, a product management director at Recorded Future, the cybersecurity firm that is the parent company of Recorded Future News.

Local law enforcement potentially “will always have something on him and can lock him up whenever it’s time for many different reasons,” Smilyanets said. And whenever the war is over and U.S.-Russia relations are restored, “all the named hackers will be on the table for peace negotiations,” he added.

Even before Tuesday’s news, Killnet’s operations appeared to be at a crossroads recently. After launching several campaigns last year, the group has shown a decrease in activity over the past few months, probably signaling internal division, researchers said.

“Killmilk will not be able to keep operating with his identity exposed,” Geenens said.

Anti-Killmilk coalition

More than a dozen hackers and hacktivists publicly spoke out against Killnet and its leader, according to Despite positioning himself as an influential patriotic hero, Killmilk turned out to be an average hacker with a shady reputation among his peers, according to researchers.

“His actions are bizarre and unprofessional. He created noise and chaos,” Smilyanets said.

Killmilk often falsely took credit for operations conducted by other hacker groups or lied about cyberattacks that never happened, researchers said. There are no signs that he is making progress on ambitious goals such as turning Killnet into a private military hacking company or training an army of skilled hackers as part of his “Dark School” initiative. He also owes people money, deceives his own clients and rarely lives up to his promises, according to Russian hacktivists.

At first, this eccentricity helped Killmilk attract supporters in Russia. Killmilk’s former associates told that he is “a good brand-maker — he knows how to create information products and sell them.” However, some Russian hackers claimed that his actions are “detrimental to the entire Russian hacktivist community.”

“Many people are fed up with Killmilk. Behind the scenes, a substantial portion of pro-Russian groups is against him,” a hacktivist from the pro-Russian NET-WORKER group told

For a long time, Russian hackers were afraid to confront Killmilk because he has a reputation for revealing the real names of his opponents. For example, he doxxed the head of Anonymous Russia — an 18-year-old Belarusian citizen who went by the nickname Raty. He was arrested in Belarus earlier this year.

If Killmilk’s cover is officially blown, Killnet will probably need a new leader soon, researchers said. In such situations, underground hacking groups sometimes just disappear, with members re-emerging elsewhere.

“Killnet is very tightly associated with the ideas and the voice of Killmilk,” Geenens said. “This could mean the end of an era and the most influential pro-Russian hacktivist group. But, whenever a void is created, we can expect this gap to be filled by another person or group very soon.”

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

North Korean attack on CyberLink impacted devices around the world, Microsoft says

Next Post

Kansas Supreme Court: Hackers stole records, confidential files in October attack

Related Posts

Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns

Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs. To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program (WIP) in the coming weeks. "We are adjusting the release model for Recall to leverage the expertise of the
Read More