Pro-Russian hackers claim responsibility for taking down US airport websites

posted on 11th October 2022 by Eddie Saunders
Pro-Russian hackers claim responsibility for taking down US airport websites

Dev Kundaliya, computing.co.uk

Killnet asked hackers to flood the servers running US airport websites with junk requests

Some US airport websites were taken offline on Monday after a pro-Russian hacker group issued a call for attacks.

Killnet claimed responsibility for temporarily taking US airport websites offline, although flight operations remained largely unaffected. The group published a list of US airports on Telegram and encouraged hackers to take part in distributed denial-of-service (DDoS) attacks.

Killnet asked hackers to flood the servers running US airport websites with junk requests, making it impossible for travellers to check the status of their scheduled flights or make reservations for airport services. Killnet hackers are reportedly using custom software to generate fake requests and unwanted traffic that is aimed at the targets.

Some airport websites that were affected on Monday as a result of the DDoS attacks included the Hartsfield-Jackson Atlanta International Airport (ATL), the Los Angeles International Airport (LAX) and Chicago O’Hare International Airport (ORD). Database connection issues were also returned by the websites of Phoenix Sky Harbor International Airport (PHX), Denver International Airport (DIA), and Orlando International Airport (MCO).

There was, however, no evidence that any airport operations were affected.

Researchers from Mandiant which has been tracking the attacks said they saw 15 US airport websites affected overall.

A spokesperson for the US Cybersecurity and Infrastructure Agency (CISA) said that the agency was aware of reports of DDoS attacks aimed at several US airport websites.

“We are coordinating with potentially impacted entities and offering assistance as needed,” the spokesperson said.

In an earlier post on Telegram on Monday, Killnet said other US sites that are susceptible to similar DDoS attacks include sea terminals and logistics facilities, health care systems, weather monitoring stations, subway systems, online trading platforms and exchanges.

Whilst this round of attacks failed to do any lasting damage, they serve as a warning about the potential damage that hacktivist groups linked to the Kremlin are capable of causing. Only last week, Killnet claimed responsibility for taking down the state government websites of  Kentucky, Colorado, and Mississippi.

Killnet first appeared at the start of Russia’s invasion of Ukraine and it has since posted claims of DDoS attacks on websites in countries which have condemned the invasion and declared themselves allies of Ukraine, such as Romania and Italy. 

In June, the group announced that it had launched a DDoS attack on Lithuania in response to the country’s decision to block the transit of goods subject to European Union sanctions to Russia’s Kaliningrad enclave. Several state and private websites in Lithuania were affected.

In August, Killnet said it planned to target Lockheed Martin, the manufacturer of the US-made rocket launchers that the Ukrainian military has been using in the war. The group claimed it had breached Lockheed Martin’s identity authorisation system.

However, Flashpoint, which monitored the campaign, reported it did not find any concrete evidence to suggest that Killnet had compromised Lookheed Martin’s systems.