Pro-Russian KillNet Hacktivists Attack US Airport Websites

In the context: The KillNet team has taken down the websites of some of the world’s busiest airports. Several terminals in the US are experiencing network problems, and the increased activity of pro-Russian hackers could lead the world into a real cyberwar against the Kremlin.

The well-known group KillNet has launched a new malware campaign based on powerful distributed denial of service (DDoS) attacks targeting the websites of some of the largest US airports. The attacks did not target aircraft or scheduled flights. However, this disrupted user access to websites, flight updates and booking services.

According to information published by KillNet on the official Telegram channel, the target domains were Hartsfield-Jackson Atlanta International Airport (ATL), Los Angeles International Airport (LAX), Chicago O’Hare International Airport (ORD), Orlando International Airport (MCO), Denver Airport (DIA), Phoenix Sky Harbor International Airport (PHX) and other high-traffic terminals in Kentucky, Mississippi and Hawaii.

Airport websites have suffered from a variety of issues and failures, ranging from complete inaccessibility to intermittent or very slow operation. Some websites returned database connection errors or a connection timeout.

Hackers typically perform DDoS attacks by using multiple bot computers (also called zombies) to overwhelm the bandwidth or resources of the target server. These zombies are usually organized into a network known as a botnet. Thus, all computers simultaneously act on the hacker’s command.

In its new attack on airports, KillNet used special software to to generate fake requests and junk traffic that can crash target servers. The malicious campaign did not pose a direct threat to human life or flight safety, but affected an entire sector of the US economy.

The KillNet group is a well-known collective of pro-Russian activists formed around March 2022, a month after Russia invaded Ukraine in what the Kremlin still refers to as a “special military operation.” Before attacking airports, black hat hackers tested their DDoS skills in countries that sided with Ukraine, such as Romania, Italy, Norway, and Lithuania.

Well-known websites are being DDoSed daily, but the geopolitical motives behind a group like KillNet may soon be completely different. The USA is one of the leading forces of NATO. In the most recent statements from the military alliance, attacks in the digital realm have come to be defined as proper wartime initiatives. According to NATO Article 5, an armed attack on one NATO member (whether in Europe or North America) is considered an attack on the entire alliance.