Some of the nation’s largest airports have been targeted for cyberattacks Monday by an attacker within the Russian Federation, a senior official briefed on the situation confirmed to ABC News.
Importantly, the systems targeted do not handle air traffic control, internal airline communications and coordination, or transportation security. “It’s an inconvenience,” the source said. The attacks have resulted in targeted “denial of public access” to public-facing web domains that report airport wait times and congestion.
Over a dozen airport websites were impacted by the “denial of service” attack, John Hultquist, head of intelligence analysis at cybersecurity firm Mandiant, told ABC News. That type of attack essentially overloads sites by jamming them with artificial users.
“Killnet,” a pro-Russian hacker group, is believed to be behind the attack, according to Hultquist. While similar groups have been found to be fronts for state-backed actors, Hultquist said there is no evidence the Russian government was involved in directing this attack.
The attacks were first reported around 3 a.m. ET when the Port Authority notified the Cybersecurity and Infrastructure Security Agency that the LaGuardia Airport system had been hit. LaGuardia has been restored, but other airports around the country have subsequently been targeted.
The 14 websites include the one for Atlanta’s Hartsfield-Jackson International Airport. An employee there told CNN there were no operational impacts. The Los Angeles International Airport website was offline earlier but appeared to be restored shortly before 9 a.m. Eastern. A spokesman did not immediately return a request for comment.
The hacking group known as Killnet listed multiple US airports as targets. It stepped up activity to target organizations in NATO countries after Russia’s February invasion of Ukraine. The loosely organized “hacktivists” are politically motivated to support the Kremlin but ties to Moscow are unknown.
The group claimed responsibility last week for knocking offline US state governments websites. Killnet is blamed for briefly downing a US Congress website in July and for cyberattacks on organizations in Lithuania after the country blocked shipment of goods to the Russian enclave of Kaliningrad in June.
The type of cyberattack used by Killnet is known as “distributed denial of service” (DDoS), in which hackers flood computer servers with phony web traffic to knock them offline.
“DDoS attacks are favored by actors of varying sophistication because they have visible results, but these incidents are usually superficial and short lived,” John Hultquist, a vice president at Google-owned cybersecurity firm Mandiant, told CNN.
