Pro-Russian Hacktivist Groups Take Down Numerous U.S. Airport Websites
More attacks on critical infrastructure could follow these attacks.
Pro-Russian hacktivist groups on Monday attacked numerous U.S. airport websites, causing temporary disruptions. Fortunately, there was no impact on flight operations.
The distributed denial of service (DDoS) attacks overwhelmed the servers hosting these sites. That made it impossible for travelers to connect and get updates about their scheduled flights or book airport services.
The hacktivist groups targeted airports in 24 states.
According to a Radware cybersecurity alert, following a series of DDoS attacks targeting government websites in the United States last week, Killnet’s founder, KillMilk, announced via an interview with Russia Today that the threat group would target civilian network infrastructure in the United States over the coming days. Less than 48 hours later, pro-Russian hacktivist groups began listing targets and announcing outages related to their DDoS attacks on websites of U.S. airports.
Daniel Smith is head of research for Radware’s Cyber Threat Intelligence.
Radware’s Daniel Smith
“DDoS attacks against civilian infrastructures, such as informative airport websites, are designed to cause panic and discord among the victims, but are often performed by low-level threat actors who cannot drive more significant outages,” he said. “While there is always a possibility of a cyberattack resulting in flight disruption, the tactics, techniques and procedures (TTP) of pro-Russian hacktivists KillNet, NoName057(16), and Anonymous Russia present a low-to-moderate level of risk for targeted organizations. DDoS attacks launched by these groups are only effective against unprotected assets or misconfigured devices.”
With that said, pro-Russian hacktivists have shown a desire over the last few months to match the successes of pro-Ukrainian DDoS campaigns by groups like the IT Army, Smith said.
“If successful in reaching their ability, the pro-Russian hacktivists could pose a more significant threat to targeted organizations,” he said.
KillNet and NoName057(16)
Killnet is a pro-Russian threat group known for launching DDoS attacks against those in public and private sectors that directly and indirectly support Ukraine or have in some way offended Russia, according to Radware. The group formed in January, selling DDoS services. However, it quickly transitioned into a hacktivist group following the Russian invasion of Ukraine.
The security industry knows NoName057(16) for launching defacement and DDoS attacks against Ukraine, and those directly and indirectly supporting Ukraine. The group formed in March on Telegram and became a notable threat group by June. Since then, the group has gathered a following of nearly 13,000 subscribers. It has been seen operating in support of Killnet operations.
The hacktivist groups deny any association with the Russian government, Radware said.
During the attacks, Chicago’s air travel website was inaccessible. Following the outage in Chicago, Los Angeles International Airport (LAX), Hartsfield-Jackson Atlanta International Airport (ATL), and Phoenix Sky Harbor Airport (PHX) websites were all offline.
The hacktivist groups present a moderate threat to the current landscape, according to Radware. However, these threat groups have recently demonstrated the ability to evolve into a more advanced threat.
Scroll through our slideshow above for more about the attacks on U.S. airport websites.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author
You May Also Like