Earlier today, the pro-Russian hacktivist group ‘KillNet’ is claiming large-scale distributed denial-of-service (DDoS) attacks against websites of several major airports in the U.S., making them unaccessible.
It’s been reported that the DDoS attacks have overwhelmed the servers hosting these sites with garbage requests, making it impossible for travelers to connect and get updates about their scheduled flights or book airport services.
It’s important to note examples of airport websites that are currently unavailable including the Hartsfield-Jackson Atlanta International Airport (ATL), one of the country’s larger air traffic hubs, and the Los Angeles International Airport (LAX), which is intermittently offline or very slow to respond.
In addition, other airports returning database connection errors include Chicago O’Hare International Airport (ORD), Orlando International Airport (MCO), Denver International Airport (DIA), Phoenix Sky Harbor International Airport (PHX), along with some in Kentucky, Mississippi, and Hawaii.
It appears that KillNet listed the domains yesterday on its Telegram channel, where members and volunteers of the hacktivist group gather to acquire new targets.
They are solely relying on custom software to generate fake requests and garbage traffic directed at the targets with the goal of depleting their resources and making them unavailable to legitimate users.
In this particular case, the DDoS attacks do not impact flights, but they still have an adverse effect on the function of a crucial economic sector, threatening to disrupt or delay associated services.
It’s known that previously, KillNet has targeted countries that sided with Ukraine, like Romania and Italy, while its “sub-group” Legion struck key Norwegian and Lithuanian entities for similar reasons.
Whilst the war in Ukraine has entered a new phase, pro-Russian threat actors and hacktivists are trying to ramp up their retaliatory cyberattacks against neuralgic organizations in the western world.
As the U.S., being the de-facto leader of NATO, which is Russia’s main military rival, has supplied Ukraine with intelligence and equipment from early on in the war, but DDoS attacks so far seemed to be focused on EU targets, especially after the announcement of sanctions.
Concluding that KillNet’s targeting scope expanded to include the U.S. only last week when the DDoS group attacked government websites in Colorado, Kentucky, and Mississippi, with moderate success.