Killnet Targets U.S. Airports in New Wave of DDoS Attacks, Calls on Hacktivists to Target Civilian Infrastructure

essidsolutions

Several major U.S. airports suffered a distributed denial-of-service (DDoS) attack yesterday at the hands of Russia-based cybercriminal group Killnet. The cyberattack took down the websites of these airports for a few hours.

Killnet claimed responsibility for the DDoS attack on its Telegram channel and listed its targeted airports. The attack affected the public-facing websites of victim airports without impacting ground operations.

However, the DDoS attacks did affect passengers’ ability to book airport-related services and receive flight scheduling updates. Killnet claimed to have compromised Atlanta, Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, and Missouri airports.

Killnet on Telegram

Some airports, including Hartsfield-Jackson Atlanta International Airport and Los Angeles International Airport, said their websites are up and running again. Just over a dozen airports, including Chicago O’Hare International Airport, Denver International Airport, Phoenix Sky Harbor International Airport, and others such as Orlando and Hawaii, were also impacted.

The motivation for the Killnet attack against critical infrastructure such as airports is unclear. The group called for additional, similar DDoS attacks against “the civilian network infrastructure of the United States of America!”

  • All Airports
  • Sea terminals and logistics facilities
  • Monitoring weather centers
  • Health care system
  • Subway (ticketing, route registration)
  • Exchanges and online trading systems

VP of Mandiant Threat Intelligence John Hultquist tweeted:

My only concern here is that we may be entering a new phase of increased targeting in the US that might include more serious incidents. Time will tell. 2/x

— John Hultquist🌻 (@JohnHultquist) October 10, 2022

The cybercriminal syndicate has previously claimed attacks against Anonymous, another hacktivist group (which sided with Ukraine), in May 2022 for launching DDoS attacks against Russian government sites; against Eurovision and Latvian and Italian private organizations in May 2022; and against Lithuanian government and private organizations in June 2022 to block shipments to Kaliningrad.

The group only recently targeted the aerospace and defense company Lockheed Martin, calling them “terrorists” for supplying the M142 High Mobility Artillery Rocket System (HIMARS) to the Ukrainian armed forces for the ongoing conflict in Eastern Europe.

After the Lockheed Martin incident, an unknown actor going by the nickname ‘Torian’ reached out to Spiceworks in August 2022. They claim to have started Killnet along with co-founder Killmilk. “At first, the project pursued only commercial goals, but after the start of the war, Killmilk became very politicized and decided to convert the project into a weapon. I was against it,” Torian told Spiceworks.

Two months into the war, the Cybersecurity and Infrastructure Security Agency warned critical infrastructure organizations of cybercrime groups that have declared allegiance to Russia (but are not state-sponsored groups), one of which is Killnet. The federal agency also noted that Killnet attacked Connecticut’s Bradley International Airport late in March 2022.

Torian told Spiceworks that Killnet doesn’t actually have a botnet or a control panel that it can leverage for commercial DDoS services. “What no one knows: Killnet doesn’t really have any botnet, but there are several accounts on commercial ddos stressers and a simple php script working with their api,” Torian said.

Vlad Cuiujuclu, an analyst with Flashpoint, discounted Killnet as something “very loud, but they’re a small annoyance at best” in his conversation with the Wall Street Journal.

Killnet also carried out politically motivated attacks against government websites of Colorado, Kentucky, Mississippi, and others earlier this month.

Torian added that Killmilk is looking to capitalize on the hype surrounding its name as much as “he” can by declaring “himself” a patriot.
