Private Russian criminal groups that support the invasion of Ukraine have stated that they will attack the infrastructure of NATO members if Russian infrastructure is attacked.
However, it appears that some of these groups have already made good on their threat, as a wave of DDoS attacks has disrupted the normal operation of many U.S. airport websites.
Killnet in particular, a loose confederation of Russian criminal and hacker groups comparable to the hacktivist organization "Anonymous," has been conducting spot DDoS attacks around the world in support of the invasion of Ukraine since at least April of this year.
The group took credit for the attacks on U.S. airports, posting a list of targets on its Telegram channel.
The DDoS attacks do not appear to have affected flights, but they have made it difficult for travelers to access U.S. airport websites, which are temporarily offline or have extremely slow connection speeds.
For all that, the attacks appear to be focused exclusively on disrupting access to public websites, with no internal U.S. airport network breaches reported yet.
The impact on ticket purchases and flights is minimal, as airline websites have not yet been targeted, but travelers may experience problems booking airport services or checking their flight status.
The Transportation Security Administration (TSA) said they are currently working with airports to help them remediate the attacks and monitor the situation.
Andrew Hay, chief operating officer at LARES Consulting, said, "No vulnerabilities were exploited. The attackers simply overwhelmed the servers by flooding the sites with unnecessary requests, draining server resources. Many of the targeted organizations already use anti-DDoS content delivery networks (CDNs) to mitigate attacks of this nature. Unfortunately, the CDN infrastructure was unable to prevent the deluge of requests."
It appears that the Russian group Killnet formed shortly after the invasion of Ukraine began; the Five Eyes intelligence coalition issued a public warning about the group after it was spotted attacking government websites in the Czech Republic. The group has since launched DDoS attacks in Italy, Japan, Norway, Lithuania, Moldova and Latvia.
While the vast majority of these incidents are fairly basic DDoS attacks, Killnet claimed in August that it stole files from Lockheed Martin employees in response to the U.S. supplying artillery rocket systems to Ukraine.
However, some security experts believe Killnet is much more hype than a substantive issue: good at making headlines for its actions, but ultimately conducting only relatively minor DDoS attacks that are little more than a temporary nuisance to victims.