Pro-Russian KillNet hackers claim to have brought down multiple US airport websites using DDoS

About 14 public-facing U.S. airport websites, including those for some of the nation’s largest airports, were inaccessible Monday morning as a pro-Russian hacker group claimed responsibility for the attack. The KillNet group has been using DDoS (distributed denial of service) cyberattacks. While no immediate impact on actual air travel was reported, there have been suggestions that the cyber attacks may have inconvenienced people seeking travel information.

The KillNet group had listed airports in multiple U.S. states as targets, including Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, and Missouri. In a DDoS attack, hackers flood computer servers with phony web traffic to knock them offline.

“At noon today (CEST), Killnet published a list of US airports they will potentially target with denial-of-service attacks. NoName057(16) linked and reshared the list on the ‘DDosia Project’ Telegram account,” according to a Twitter message. Besides airports, the other U.S. targets that the Killnet group was calling on supporters to attack include marine terminals and logistics facilities, weather monitoring centers, healthcare systems, Metro (buying tickets, registering the route), and exchanges and online trading systems.

Reacting to the cyberattack on multiple US airports, Kiersten Todt, chief of staff of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said at a security conference in Sea Island, Georgia, that “obviously, we’re tracking that, and there’s no concern about operations being disrupted.” 

The KillNet group is said to have listed 14 websites, including Los Angeles International Airport (LAX) and Atlanta’s Hartsfield-Jackson International Airport, among the U.S. airports it was targeting. 

LAX officials shared a statement with Industrial Cyber that “early this morning, the FlyLAX.com website was partially disrupted. The service interruption was limited to portions of the public-facing FlyLAX.com website only.” 

“No internal airport systems were compromised, and there were no operational disruptions. The airport’s Information Technology team has restored all services and is investigating the cause,” the statement said. It also added that the airport had notified the FBI and the Transportation Security Administration (TSA).  

The Atlanta airport said in a Twitter message that “ATL’s website (http://atl.com) is up and running after an incident early this morning that made it inaccessible to the public. An investigation into the cause of the incident is underway. At no time were operations at the airport impacted.”

The KillNet group stepped up activity to target organizations in NATO countries after Russia’s February invasion of Ukraine. The loosely organized ‘hacktivists’ are politically motivated to support the Kremlin, but their ties to Moscow are unknown. 

CNN said the group claimed responsibility last week for knocking offline US state governments’ websites. KillNet is blamed for briefly downing a US Congress website in July and cyberattacks on organizations in Lithuania after the country blocked the shipment of goods to the Russian enclave of Kaliningrad in June.

Killnet previously released a video supporting Russia and claimed credit for implementing a DDoS attack, in which servers are flooded with web traffic to knock websites offline, against a U.S. airport in March in retaliation for U.S. support for Ukraine, according to a federal cybersecurity advisory.

“This malicious call to action is a great example of why organizations need to be ever-vigilant in their cybersecurity operations,” Craig Burland, CISO at Inversion6, wrote in an emailed statement. “A focus on cybersecurity isn’t only for when the auditor is coming or after a breach. It’s a 24x7x365 responsibility that we must all own and embrace. We don’t take days off from things like workplace safety or legal, due diligence. Cybersecurity is no different, especially as we collectively face organizations like Killnet.”

The U.S. administration was to schedule classified cybersecurity briefings with executives from across the aviation industry in September, a senior White House cybersecurity official said in late August. The move follows last year’s National Security Memorandum, after which the government has been conducting classified cybersecurity briefings with executives from select critical infrastructure sectors to compel industry leaders to invest more in their digital defenses.
