A rash of cyberattacks targeted over a dozen major U.S. air travel websites on Monday, including those of several large airports. Security experts believe that the incident, which downed multiple sites but failed to meddle in any operational capacity with air travel, is the work of a pro-Russian hacker group charmingly known as “Killnet.”
Denial-of-service attacks—a kind of basic cyberattack that overwhelms and crashes a site using inflated web traffic—were carried out against at least 13 different public-facing travel sites on Monday, CNN reports.
Federal officials have expressed concern for the hacking episode but have said the incident was not severe. “Obviously, we’re tracking that, and there’s no concern about operations being disrupted,” said Kiersten Todt, Chief of Staff of the US Cybersecurity and Infrastructure Security Agency (CISA), during a security conference in Georgia on Monday.
As far as Gizmodo could discern, the airports that have been affected include: the Des Moines International Airport, Los Angeles International Airport (LAX), Chicago O’Hare International Airport, and the Hartsfield-Jackson Atlanta International Airport. However, all of those airports currently have functioning websites, so it would appear that they have already recovered from the attacks.
Speaking with ABC News, John Hultquist, head of intelligence analysis at Google’s Mandiant, said that the Russian-speaking Killnet group is believed to be behind the attacks. Ever since the invasion of Ukraine in February, Killnet has been reportedly carrying out attacks on NATO allied countries in Europe—allegedly conducting cyberattacks on networks and critical infrastructure. The group bills itself as a “hacktivist” group, though such groups can commonly be cover for state-authorized operations.
But, as this recent episode demonstrates, Killnet has been taking aim at the U.S., as well. Last week, the group is alleged to have targeted a number of state government websites, including Colorado.gov and Kentucky.gov, among others.