More than a dozen websites for American airports were knocked offline Monday morning by an apparent cyberattack originating in Russia, according to a report from the Associated Press.
The incident, which is being described as a “coordinated distributed denial-of-service (DDoS) attack,” did not disrupt any airport operations such as air traffic control, airlines, or security,, officials said.
Who is Behind the DDoS Attack
Investigators say Monday’s DDoS attack was the work of a group called “Killnet,” a pro-Russia “hacktivist” group. The group has repeatedly targeted government institutions and private companies around the world since the Russian invasion of Ukraine in March.
The bark is worse than the bite, however. DDoS attacks aim to disrupt the traffic flow to a targeted server, service, or network by flooding them with fake requests. In turn, this renders websites inaccessible to regular users. Although psychologically concerning, DDoS attacks are typically superficial and do not leave any lasting damage.
49 Airports Targeted
Word of the upcoming attack came at 0650 ET Monday morning via Killnet’s account on Telegram, a cloud-based instant messaging service. One hour later, the websites for Chicago O’Hare International Airport (ORD) and Chicago Midway (MDW) went offline.
Major airports targeted include Los Angeles International Airport (LAX), and Hartsfield-Jackson Atlanta International Airport (ATL). Additionally, Killnet mentioned airports in Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, and Missouri. Some of the other affected airports include:
- Montgomery Regional Airport, Ala. (MGM)
- Long Beach Airport, Calif. (LGB)
- Delaware Coastal Airport (GED)
- LaGuardia Airport (LGA)
- Southwest Florida International Airport (RSW)
- Des Moines International Airport (DSM)
- Central Illinois Regional Airport at Bloomington-Normal (BMI)
- Indianapolis International Airport (IND)
- Jackson-Medgar Wiley Evers International Airport, Miss. (JAN)
- St. Louis Lambert International Airport (STL)
The Killnet Telegram message provided a list of 49 domains in all. By Monday afternoon, service had largely been restored to affected sites.
No Lasting Damage – This Time
Killnet has stated that one of its aims is to target America’s civilian network sector. It is part of a coordinated campaign to disrupt critical sectors in America and other NATO nations, likely as an act of retaliation to its involvement in the Russia-Ukraine war.
John Hultquist, Vice President of Threat Intelligence at Mandiant, a Virginia-based company that helps organizations defend against cybercrime, worries that this incident could be a prelude to future – more brazen – attacks.
“DDoS is typically superficial and short-lived but also highly visible,” Hultquist tweeted on Monday. “Their limited aim is to manipulate our perceptions. These are not the serious impacts that have kept us awake. My only concern here is that we may be entering a new phase of increased targeting in the US that might include more serious incidents. Time will tell.”
In addition to US airports, the hacktivist group has recently targeted a US Congress website and multiple state government websites.