Russian Hacktivists, Killnet, Take Down US Airport Websites

Learn how PurpleSec’s experts can protect your business against the latest cyber attacks.

Author: Dalibor Gašić / Last Updated: 10/27/2022

Reviewed By: Michael Swanagan, CISSP, CISA, CISM

View Our: Editorial Process

Summary Of The Attack

• In October of this year, a pro-Russian hacker group claimed responsibility for hacking several US airport websites.
• Although this was widely reported in our cyber circles, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.
• Killnet – a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the Russian invasion of Ukraine in 2022.
• Killnet is the polar opposite of the “IT Army of Ukraine,” which is a Telegram channel set up to direct people to attack Russian websites.
• Killnet has targeted a wide range of countries, including Japan, Estonia, and Lithuania, but all for the same reason: they have either sided with Ukraine or engaged in anti-Russian activities.

What Happened?

In October 2022, a pro-Russian hacker group, Killnet, claimed responsibility for hacking several US airport websites.

As we know, the situation between Ukraine and Russia is not getting any better, and more and more countries are becoming involved in the overall situation.

As a result, cyber attacks are now a common occurrence between countries.

Although this was widely reported in our cyber circles, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.

The TSA (Transport Security Administration) issued a statement emphasizing that the cyber attack did not disrupt airport operations and that, while hackers were able to take the websites offline, they did not gain access to airport systems.

What Was The Impact?

Airports in Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, and Missouri responded to the group’s call to action.

Who Is Killnet?

Killnet is a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the Russian invasion of Ukraine in 2022.

The group is thought to have formed around March 2022.

Killnet is not the same as Russia’s highly skilled hackers working for its intelligence agencies’ groups like Fancy Bear and Sandworm, which have gained notoriety through hacks of US government systems.

Democratic National Committee and the release of the devastating ransomware NotPetya, respectively.

Killnet, on the other hand, resembles an enraged, nationalist online mob armed with low-level cyber-offensive tools and tactics. Its main achievement is in establishing a narrative about the war.

This group is also popular on the Telegram network, where they have about 90k subscribers on their channel “WE ARE KILLNET.”

There are memes that criticize Ukraine and the West in general, but they also post targets for their subscribers to attack – where we can also see a list of US airport websites that they targeted.

Killnet is the polar opposite of the “IT Army of Ukraine,” which is a Telegram channel set up to direct people to attack Russian websites, though they have more than double the subscribers (200k) and a focus on DDoSing rather than memes.

Similar Attacks

Killnet has targeted a wide range of countries, including:

• Japan
• Estonia
• Lithuania

The goal of each attack is to side with Ukraine and engage in anti-Russian activities.

One of the more interesting attacks was on Lithuania’s largest gas and energy supplier in July of this year, called the “biggest cyber-attack in a decade“.

In retaliation for Lithuania’s embargo on sanctioned Russian goods, the hacker group had previously carried out DDoS attacks against Lithuanian military, government, private, and public internet services and websites.

Why Did Killnet Attack US Airports?

Based on some research through well-known networks and people who deal with hacking groups, we concluded that Killnet only wanted media attention in this attack, given that there was no serious impact other than the temporary destruction of US airport websites.

Many hacktivist groups act in this manner to express dissatisfaction and to inform the community that they are active.

From our side, you can consult with any of our cyber security experts who will help you defend against DDoS attacks and how to preemptively set up the infrastructure so that there are no unwanted consequences.

Related Articles:

• 2.4 TB Data Leak Caused By Microsoft’s Misconfiguration
• $570M Binance Hack: What Happened & Who Is Responsible?
• Sensitive NATO Data Leaked After Cyber Attack On Portugal’s Armed Forces
• Uber’s Internal Systems Compromised By An 18 Year Old
• Cisco Suffers Cyber Attack By UNC2447, Lapsus$, & Yanluowang