U.S. airports in cyberattack crosshairs for pro-Russian group Killnet

Hot on the heels of attacks against US state government websites, pro-Russian threat group Killnet on Monday disrupted the websites of multiple US airports in a series of distributed denial-of-service (DDoS) attacks.

It also called on similarly aligned groups and individuals to carry out DDoS attacks on other US infrastructure targets, in what appears to be an escalation of a recent campaign protesting the US government’s support for Ukraine in its war with Russia.

Airport websites that were affected by Killnet’s DDoS attacks included Los Angeles International Airport (LAX), Chicago O’Hare, and the Hartsfield-Jackson Atlanta International Airport, among others. While the DDoS attacks made some of the sites inaccessible for several hours, they do not appear to have had any impact on airport operations.

Researchers from Mandiant who have been tracking the attacks said they observed a total of 15 US airport websites being impacted.

Mostly Brief Interruptions

In a statement to Dark Reading, airport authorities at LAX confirmed the attack.

“Early this morning, the FlyLAX.com website was partially disrupted,” an LAX spokesperson noted in an emailed statement. LAX officials described the service interruption as being limited to portions of the public-facing FlyLAX.com website only. “No internal airport systems were compromised and there were no operational disruptions,” according to the statement, adding that the airport’s IT team has restored services and that the airport has notified the FBI and the Transportation Security Administration (TSA).

In an emailed statement to Dark Reading, the Chicago Department of Aviation (CDA) noted that its flychicago.com and related websites for O’Hare and Midway international airports went offline, but confirmed that airport operations were affected.

“City of Chicago IT staff worked diligently to restore the website’s functionality shortly after noon Central Time, and they continue to vigilantly monitor the situation,” the statement said.

Ivan Righi, senior cyber threat intelligence analyst at Digital Shadows, says Killnet has also asked its supporters to join in on the airport attacks and posted a list of domains to be targeted on its Telegram channel. In total, the group mentioned 49 domains belonging to airports across the US, he says. Killnet’s target list includes airports in some two dozen states including California, Delaware, Florida, Georgia, Illinois, Maryland, Massachusetts, and Michigan.

To read the complete article, visit Dark Reading.