Recent Cyber Attacks

Russian Hacktivists, Killnet,
Take Down US Airport Websites

April 28, 2024

Summary Of The Attack

- In October of this year, a pro-Russian hacker group claimed responsibility for hacking several US airport websites.
- Although this was widely reported in our cyber circles, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.
- Killnet – a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the Russian invasion of Ukraine in 2022.
- Killnet is the polar opposite of the “IT Army of Ukraine,” which is a Telegram channel set up to direct people to attack Russian websites.
- Killnet has targeted a wide range of countries, including Japan, Estonia, and Lithuania, but all for the same reason: they have either sided with Ukraine or engaged in anti-Russian activities.

What Happened?

In October 2022, a pro-Russian hacker group, Killnet, claimed responsibility for hacking several US airport websites.

As we know, the situation between Ukraine and Russia is not getting any better, and more and more countries are becoming involved in the overall situation.

As a result, cyber attacks are now a common occurrence between countries.

Although this was widely reported in our cyber circles, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.

The TSA (Transport Security Administration) issued a statement emphasizing that the cyber attack did not disrupt airport operations and that, while hackers were able to take the websites offline, they did not gain access to airport systems.

What Was The Impact?

Airports in Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, and Missouri responded to the group’s call to action.

Free Security Policy Templates

Get a step ahead of your cybersecurity goals with our comprehensive templates.

Download Now

Who Is Killnet?

Killnet is a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the Russian invasion of Ukraine in 2022.

The group is thought to have formed around March 2022.

Killnet is not the same as Russia’s highly skilled hackers working for its intelligence agencies’ groups like Fancy Bear and Sandworm, which have gained notoriety through hacks of US government systems.

Democratic National Committee and the release of the devastating ransomware NotPetya, respectively.

Killnet, on the other hand, resembles an enraged, nationalist online mob armed with low-level cyber-offensive tools and tactics. Its main achievement is in establishing a narrative about the war.

This group is also popular on the Telegram network, where they have about 90k subscribers on their channel “WE ARE KILLNET.”

There are memes that criticize Ukraine and the West in general, but they also post targets for their subscribers to attack – where we can also see a list of US airport websites that they targeted.

Killnet is the polar opposite of the “IT Army of Ukraine,” which is a Telegram channel set up to direct people to attack Russian websites, though they have more than double the subscribers (200k) and a focus on DDoSing rather than memes.

Similar Attacks

Attackers modified WordPress PHP files of the websites, some of them being ‘wp-singup.php’, ‘wp-cron.php’, ‘wp-settings.php’, ‘wp-mail.php’, and ‘wp-blog-header.php’, with the goal to inject the redirects to the fakes Q&A discussion forums. The final goal is to increase the rankings of fake sites in search engines.

First Signs Of The Attack

Killnet has targeted a wide range of countries, including:

Japan
Estonia
Lithuania

The goal of each attack is to side with Ukraine and engage in anti-Russian activities.

One of the more interesting attacks was on Lithuania’s largest gas and energy supplier in July of this year, called the “biggest cyber-attack in a decade“.

In retaliation for Lithuania’s embargo on sanctioned Russian goods, the hacker group had previously carried out DDoS attacks against Lithuanian military, government, private, and public internet services and websites.

Why Did Killnet Attack US Airports?

Based on some research through well-known networks and people who deal with hacking groups, we concluded that Killnet only wanted media attention in this attack, given that there was no serious impact other than the temporary destruction of US airport websites.

Many hacktivist groups act in this manner to express dissatisfaction and to inform the community that they are active.

From our side, you can consult with any of our cybersecurity experts who will help you defend against DDoS attacks and how to preemptively set up the infrastructure so that there are no unwanted consequences.

Article by

Jason Firch, MBA

Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Jason Firch, MBA

Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Share This Article

Our Editorial Process

Our content goes through a rigorous approval process which is reviewed by cybersecurity experts – ensuring the quality and accuracy of information published.