Breach, Content, Content

Pro-Russian Group Killnet Suspected in Airport Hacks

Credit: Pixabay

Reports abound that hackers knocked offline more than a dozen U.S. airport websites Monday.

The airport websites were hit by denial of service (DDoS) attacks, John Hultquist, head of intelligence analysis at cybersecurity firm Mandiant, told ABC News.

DDoS attacks work by flooding computer servers with traffic to render them non-functional. However, there were no reported service interruptions at any of the affected airports.

Killnet Hacker Group's Russian Connection

The alleged hacker group, Killnet, is believed to be behind the attacks. Similar groups have been found to be fronts for state-backed actors, but Hultquist told reporters there is no evidence the Russian government was involved in directing the cyberattacks. Killnet is known to support the Kremlin but are not thought to directly be government actors, according to published reports.

Russian-speaking Killnet hackers reportedly claimed responsibility for the cyberattacks, which include LaGuardia Airport in New York, O’Hare Airport in Chicago, Hartsfield-Jackson Atlanta International Airport and Los Angeles International Airport.

“Obviously, we’re tracking that, and there’s no concern about operations being disrupted,” Kiersten Todt, Chief of Staff of the Cybersecurity and Infrastructure Security Agency (CISA), said Monday at a security conference in Sea Island, Georgia. (Source: CNN)

A senior U.S. government official told ABC News that the hackers were located within Russia. The Transportation Security Administration (TSA) told CNN it was “monitoring the situation,” but offered no further comment.

Killnet, as reported by Politico, is radically different from Russia's highly skilled hackers working for its intelligence agency groups, such as Fancy Bear and Sandworm, which have gained fame through hacks of the U.S. Democratic National Committee and launching the devastating ransomware called NotPetya, respectively.

“Killnet, on the other hand, is more like an angry, nationalist online mob armed with low-grade cyber-offensive tools and tactics. Its big success is in setting a narrative about the war,” Politico stated.

Killnet Suspected in Recent Lithuania, Estonia Cyberattacks

In June, Killnet’s targeting of Lithuania propelled it to a new level of popularity in Russian media, following Vilnius’ blockade of goods to the Russian territory of Kaliningrad, Politico reported. In a video message circulated online, the group demanded that Lithuania allow the transit of goods to Kaliningrad, otherwise, attacks would continue. Ultimately, the attack had “limited success” according to the country's Vice Minister of National Defense Margiris Abukevičius, with just a few web pages taken down.

Hackers targeted Estonia on August 17, but government officials said the breach on e-government services had gone “largely unnoticed” by Estonian citizens.

MSSP Alert DDoS Attack Coverage

Critical infrastructure MSSPs should continue to monitor closely Killnet activities. Transportation and other vital resources could be next. For further insights on DDoS attacks, and ties to the Russian-Ukraine conflict, check out MSSP Alert's recent coverage:

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.