The well-known KillNet group orchestrated a new malicious campaign based on powerful distributed denial-of-service (DDoS) attacks, targeting the websites of some of the largest airports in the United States. The attacks did not ground aircraft or scheduled flights. However, it did disrupt user access to the websites, flight updates, and booking services. According to information released by KillNet on its official Telegram channel, the targeted domains belonged to the Hartsfield-Jackson Atlanta International Airport (ATL), Los Angeles International Airport (LAX), Chicago O’Hare International Airport (ORD), Orlando International Airport (MCO), Denver International Airport (DIA), Phoenix Sky Harbor International Airport (PHX) and other high-traffic terminals in Kentucky, Mississippi, and Hawaii. The airports’ websites suffered various issues and outages, from being entirely unavailable to working intermittently or very slowly. Some websites were returning database connection or connection timeout errors.
Hackers typically execute DDoS attacks by utilizing multiple bot computers (also called zombies) to flood the bandwidth or resources of a targeted server. These zombies are usually arranged in a network known as a botnet. This way, all the computers simultaneously act on the hacker’s command. In its new attack against the airports, KillNet used custom software to generate fake requests and garbage traffic capable of crashing the targeted servers. The malicious campaign didn’t pose a direct danger to people’s life or flight security, but it did impact an entire sector of the US economy. The KillNet group is a known collective of pro-Russian activists formed sometime around March 2022, the month after Russia invaded Ukraine in what the Kremlin still defines as a “special military operation.” Before targeting airports, the black-hat hackers tested their DDoS skills with countries that sided with Ukraine, like Romania, Italy, Norway, and Lithuania. High-profile websites suffer DDoS attacks daily, but the geo-political motivations behind a group like KillNet could soon become completely different. The US is one of the leading forces of NATO. The most recent statements from the military alliance have started to define attacks in the digital realm as proper wartime initiatives. According to Nato’s Article 5, an armed attack against one NATO member (be it in Europe or North America) is considered an attack against the entire alliance.