- In October of this year, a pro-Russian hacker group claimed responsibility for hacking several US airport websites.
- Although this was widely reported in our cyber circles, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.
- Killnet – a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the Russian invasion of Ukraine in 2022.
- Killnet is the polar opposite of the “IT Army of Ukraine,” which is a Telegram channel set up to direct people to attack Russian websites.
- Killnet has targeted a wide range of countries, including Japan, Estonia, and Lithuania, but all for the same reason: they have either sided with Ukraine or engaged in anti-Russian activities.
Russian Hacktivists, Killnet,
Take Down US Airport Websites
Contents
Summary Of The Attack
Stay Up-To-Date On The Latest Attacks
Be the first to know when our experts release new insights on the top attacks.
You're on the list! Just one more step...
Check your email to confirm your subscription.
What Happened?
In October 2022, a pro-Russian hacker group, Killnet, claimed responsibility for hacking several US airport websites.
As we know, the situation between Ukraine and Russia is not getting any better, and more and more countries are becoming involved in the overall situation.
As a result, cyber attacks are now a common occurrence between countries.
Although this was widely reported in our cyber circles, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.
The TSA (Transport Security Administration) issued a statement emphasizing that the cyber attack did not disrupt airport operations and that, while hackers were able to take the websites offline, they did not gain access to airport systems.
What Was The Impact?
Airports in Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, and Missouri responded to the group’s call to action.
Free Security Policy Templates
Get a step ahead of your cybersecurity goals with our comprehensive templates.
Who Is Killnet?
Killnet is a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the Russian invasion of Ukraine in 2022.
The group is thought to have formed around March 2022.
Killnet is not the same as Russia’s highly skilled hackers working for its intelligence agencies’ groups like Fancy Bear and Sandworm, which have gained notoriety through hacks of US government systems.
Democratic National Committee and the release of the devastating ransomware NotPetya, respectively.
Killnet, on the other hand, resembles an enraged, nationalist online mob armed with low-level cyber-offensive tools and tactics. Its main achievement is in establishing a narrative about the war.
This group is also popular on the Telegram network, where they have about 90k subscribers on their channel “WE ARE KILLNET.”
There are memes that criticize Ukraine and the West in general, but they also post targets for their subscribers to attack – where we can also see a list of US airport websites that they targeted.
Killnet is the polar opposite of the “IT Army of Ukraine,” which is a Telegram channel set up to direct people to attack Russian websites, though they have more than double the subscribers (200k) and a focus on DDoSing rather than memes.
Similar Attacks
Attackers modified WordPress PHP files of the websites, some of them being ‘wp-singup.php’, ‘wp-cron.php’, ‘wp-settings.php’, ‘wp-mail.php’, and ‘wp-blog-header.php’, with the goal to inject the redirects to the fakes Q&A discussion forums. The final goal is to increase the rankings of fake sites in search engines.
First Signs Of The Attack
Killnet has targeted a wide range of countries, including:
- Japan
- Estonia
- Lithuania
The goal of each attack is to side with Ukraine and engage in anti-Russian activities.
One of the more interesting attacks was on Lithuania’s largest gas and energy supplier in July of this year, called the “biggest cyber-attack in a decade“.
In retaliation for Lithuania’s embargo on sanctioned Russian goods, the hacker group had previously carried out DDoS attacks against Lithuanian military, government, private, and public internet services and websites.
Why Did Killnet Attack US Airports?
Based on some research through well-known networks and people who deal with hacking groups, we concluded that Killnet only wanted media attention in this attack, given that there was no serious impact other than the temporary destruction of US airport websites.
Many hacktivist groups act in this manner to express dissatisfaction and to inform the community that they are active.
From our side, you can consult with any of our cybersecurity experts who will help you defend against DDoS attacks and how to preemptively set up the infrastructure so that there are no unwanted consequences.
Article by
Share This Article
Our Editorial Process
Our content goes through a rigorous approval process which is reviewed by cybersecurity experts – ensuring the quality and accuracy of information published.
Categories
The Breach Report
Our team of security researchers analyze recent cyber attacks, explain the impact, and provide actionable steps to keep you ahead of the trends.