Pro-Russian Group KillNet Claims Responsibility for 14 US Airport DDoS Attacks

Written by

On Monday, October 10, 2022, the websites of several US airports were disrupted due to a large-scale campaign of distributed denial-of-service (DDoS) attacks, in which servers were flooded with web traffic to knock websites offline.

The victims include Los Angeles International Airport (LAX), Hartsfield-Jackson Atlanta International Airport (ATL), Chicago O'Hare International Airport (ORD), as well as other airports in Florida, Colorado, Arizona, Kentucky, Mississippi and Hawaii.

The DDoS attacks meant that these airports’ public-facing websites were either offline for a few hours, intermittent or slow to respond. They did not have any direct impact on airport operations.

Some airport authorities, such as LAX, notified the Transportation Security Administration and the FBI about the incident.

Later that day, the pro-Russian hacktivist group ‘KillNet’ claimed the attack and listed 14 targeted domains on a Telegram channel.

This is not the first time KillNet has used this type of attack. In March 2022, they knocked a US airport’s website offline in retaliation for US support for Ukraine, according to a federal cybersecurity advisory.

However, several security researchers criticized some of the US media’s first headlines when the news broke, some of which omitted to mention the attack only impacted the airports’ websites, while others mentioned that the group was “linked to the Russian Federation.”

“The airport attacks, like the state government attacks before them, are what we make of them. DDoS is typically superficial and short-lived but also highly visible. Their limited aim is to manipulate our perceptions. These are not the serious impacts that have kept us awake,” John Hultquist, VP of threat intelligence at Mandiant, said on Twitter.

“A reminder to media that KillNet is [a] bunch of kids, not Russian state cyber capabilities,” said security expert Kevin Beaumont. “You should give coverage equally as you do to [the] IT Army of Ukraine, who DDoS targets in Russia all day very successfully, and have done for months.”

What’s hot on Infosecurity Magazine?