Situation Report: Russian hackers take credit for disrupting various US airline websites
A pro-Russian hacker group took credit for various cyber-attacks on October 10 that temporarily knocked several major U.S. airline websites offline. The group, Killnet, claimed responsibility for these attacks, which affected the websites for Los Angeles International, Chicago O’Hare, and Hartsfield-Jackson International airports, among many others.
The attacks appeared to be distributed denial-of-service (DDoS) attacks, which attempt to disrupt normal website traffic by flooding a targeted website with bot traffic. DDoS attacks are fairly common, and require multiple Internet-connected machines to work effectively.
These attacks were instigated by an online post on Telegram, where the hacker group asked its followers to participate by flooding various airport websites with bot traffic. The post listed several U.S. airports, although it isn’t clear whether these airports were targeted specifically or chosen at random.
Despite taking many websites offline for several minutes, the DDoS attacks had no impact on air travel, and most websites returned to normal after 15 minutes.
Killnet first appeared in January of 2022 as a “cybercriminal hack-for-hire vendor.” However, as Russia continued its assault on Ukraine, it became clear that the group was prepared to fully back any Russian moves in the conflict. Cyber researcher CyberKnow referred to the group as working “in an emotional way. They seek revenge and retaliation against wrongs they believe have been dealt against Russia and its people.”
Digital Shadows reports that Killnet actively recruits hackers to join it in this new wave of “hacktivism,” which targets NATO members and other countries that support Ukraine.
Killnet was not started as a hacker group, but rather as a tool to help others launch DDoS attacks on their own. Killnet quickly pivoted and morphed into a hacktivist group whose primary goal was to “stop the aggression against Russia.”
Despite these DDoS attacks having no real impact on U.S. airports, they serve as an important reminder that many critical infrastructures Americans rely upon daily are not as secure as they may hope. The U.S. electric grid specifically, which is monitored and managed largely through the Internet, may be susceptible to similar attacks in the future if it is not secured.