Updated Russian miscreants claimed responsibility for knocking more than a dozen US airports’ websites offline on Monday morning in what appeared to be a large-scale, distributed-denial-of-service (DDoS) attack.
At 0800 PT, Hartsfield-Jackson Atlanta International Airport’s website was down and Chicago O’Hare International Airport’s website displayed a 503 error with the message “www.flychicago.com is currently unable to handle this request.” At time of publication, the Atlanta site is blocked while Chicago is operational again.
At the same time, one of The Reg‘s own vultures was boarding a plane in Chicago and reported no operational issues at the gate. “Fingers crossed no disruptions crop up in the next 20 mins,” our scribe said. Other airports’ websites, including Los Angeles International, were alternately extremely slow or offline.
A spokesperson for the US Transportation Security Administration, when reached by The Register, said to contact the airports directly about the issue. None of the airports contacted by The Register were immediately available to comment.
According to CNN, no immediate signs of impact to air travel were reported at the 14 airports targeted in the DDoS attack. No core systems are thought to have been cracked; it’s a basic buy-enough-bots PR stunt.
Russian hacktivist group Killnet claimed responsibility for the network-traffic flooding incidents, and released the names and websites of the airports hit, according to security researchers on Twitter:
#killnet has released a target list of #USA airports. According to @AlvieriD #Chicago O’hare airport and #Atlanta airport two of the biggest in the US been having issues for several hours.#cybersecurity #infosec #RussiaUkraineWar#UkraineRussiaWar #America#cyberattack pic.twitter.com/mk16qjXTcS
— CyberKnow (@Cyberknow20) October 10, 2022
This same pro-Russian group, known for conducting other DDoS attacks, which also claimed responsibility last week for downing US state government websites in Colorado, Kentucky, Mississippi and other states. The rationale was America’s continued support for Ukraine since the Kremlin illegally invaded its neighboring country in February.
In recent months Killnet has also claimed responsibility for similar cyberattacks against government and corporate websites in Lithuania, Romania and Japan.
Ukraine’s Defense Ministry in late September warned that Russian cyber goons planned to ramp up their cyberattacks against that country and its allies. In addition to targeting Ukrainian energy facilities, The Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest allies, primarily Poland and the Baltic States,” the Ukrainian government warned.
DDoS floods against Ukraine and its friends has been a favorite Russian tactic since even before the physical war began. These network traffic assaults hit an all-time high during the first quarter of 2022.
The new DDoS events against US airports follow massive missile strikes against at least 10 Ukrainian cities on Monday. ®
Updated to add
A CISA spokesperson told The Register that the agency “is aware of reports of DDoS attacks targeting multiple US airport websites. We are coordinating with potentially impacted entities and offering assistance as needed.”