US Airports and KillNet

Some of the largest airports in the US have been targeted for cyber-attacks, as recently as 10 October, by an attacker group within the Russian Federation. It's important to note that the airport operations IT systems targeted did not handle air traffic control, internal airline communications and coordination, or transportation security. "It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait times and congestion.[1] Air safety was allegedly not affected, but the DDoS attack could possibly have caused travelers anger and inconvenience. Over a dozen airport websites were impacted by the "denial of service" attack, reported Mandiant. That type of attack essentially overloads sites by jamming them with artificial users.

"Killnet," a pro-Russian hacker group, is believed to be behind the attack, according to Mandiant.  While similar groups have been found to be fronts for state-backed actors, they said there is no direct evidence the Russian government was involved in directing this attack.

The attacks were first reported around 3 am EST when the Port Authority notified the

The FBI and Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, each said they were aware of the attacks.  The websites for Des Moines International Airport, Los Angeles International Airport (LAX) and Chicago O'Hare International Airport appeared impacted on 10 October.  Later in the morning, Denver International Airport, the third busiest airport in the country, was attacked and continues to be attacked, according to an airport spokesperson.  "Similar to many other US airports, DEN’s website has been targeted," the spokesperson told media.  "The attacks began around 11 a.m. this morning and they continue.  The attackers are attempting to overwhelm our website so that it becomes unavailable to the public."  "At this time, the attacks have not been impactful, though we are closely monitoring these attacks and any others.  We are also sharing information on these attacks with TSA, CISA and other airports," the Denver spokesperson added.

Hartsfield-Jackson Atlanta International Airport reported around 10:30 am EST that its site is back up and running and that "at no time were operations at the airport impacted."  "Early this morning, the FlyLAX.com website was partially disrupted," Los Angeles LAX said in a statement.  "The service interruption was limited to portions of the public facing FlyLAX.com website only. No internal airport systems were compromised and there were no operational disruptions."  LAX said its website was back up and running a little before 1 pm EST.

The group "Killnet" has been active since the beginning of the war in Ukraine, targeting Ukrainian allies and recently claiming credit for taking down government websites in the US. Killnet operates internationally and has been known to carry out attacks across Europe.

Cyber engineers and programmers are actively working to close backdoors that allowed the attacks and to shore up more critical computer infrastructure. Jamming attacks like the one seen on the 10th of October are highly visible but largely superficial and often temporary, researchers said. "We are pretty clear it's a Russian cyber group that claimed responsibility," Sen. Chuck Schumer, D-NY, said on the 10th, going on to connect the attacks to the Ukrainian bombing of a bridge in Crimea over the weekend. "We are asking our authorities to confirm who did it and then take the appropriate strong action so the Russians know they cannot get away with this. Putin has a lot of nerve, after his brutal vicious war against the Ukrainian people, to now say he has the right to retaliate because they protected themselves with a bridge is outrageous."

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://abcnews.go.com/Technology/cyberattacks-reported-us-airports/story/
