Cyberattacks by Russian-speaking hackers reported at US airports

Some of the largest airports in the US have been targeted for cyberattacks with Russian-speaking hackers claiming responsibility.

However, the systems targeted do not handle air traffic control, internal airline communications, and coordination, or transportation security.

“It’s an inconvenience,” the source said. The attacks have resulted in targeted “denial of public access” to public-facing web domains that report airport wait times and congestion.

About 14 websites including the one for Atlanta’s Hartsfield-Jackson International Airport were targeted. 

The attacks were first reported around 3 a.m. ET when the Port Authority notified the Cybersecurity and Infrastructure Security Agency that the LaGuardia Airport system had been hit. LaGuardia has been restored, but other airports around the country have subsequently been targeted.

The websites for Des Moines International Airport, Los Angeles International Airport (LAX), and Chicago O’Hare International Airport appeared impacted Monday morning.

Hartsfield-Jackson Atlanta International Airport reported around 10:30 a.m. ET that its site is back up and running and that “at no time were operations at the airport impacted.”

“Early this morning, the website was partially disrupted,” LAX said in a statement to ABC News. “The service interruption was limited to portions of the public-facing website only. No internal airport systems were compromised and there were no operational disruptions.”

Engineers and programmers are actively working to close backdoors that allowed the attacks and shoring up more critical computer infrastructure.

According to CNN, the hacking group known as Killnet listed multiple US airports as targets. It stepped up activity to target organizations in NATO countries after Russia’s February invasion of Ukraine. 

The group claimed responsibility last week for knocking offline US state governments’ websites.


Killnet is also blamed for briefly downing a US Congress website in July and for cyberattacks on organizations in Lithuania after the country blocked shipment of goods to the Russian enclave of Kaliningrad in June.

The type of cyberattack used by Killnet is known as “distributed denial of service” (DDoS), in which hackers flood computer servers with phony web traffic to knock them offline.

“DDoS attacks are favored by actors of varying sophistication because they have visible results, but these incidents are usually superficial and short lived,” John Hultquist, a vice president at Google-owned cybersecurity firm Mandiant, told CNN.

Leave a Reply