Cyber Incident Victim: Cochin International Airport Limited
Date: Apr 2023
Location: India
Summary
The Cochin International Airport Limited website was rendered inoperable by a distributed denial-of-service attack attributed to the group Anonymous Sudan. This politically motivated hacktivist group targeted multiple Indian airport websites, causing several hours of downtime by flooding them with traffic. The incident was investigated by police who found no major damage beyond the temporary service disruption. The same group subsequently issued warnings and targeted other sectors, including healthcare.
Description
On the evening of Saturday, April 7, 2023, the official website of Cochin International Airport Limited (CIAL) became inoperable due to a significant influx of malicious traffic. This event was identified as a distributed denial-of-service (DDoS) attack, a technique designed to overwhelm a web server and render it inaccessible to legitimate users. The attack was claimed by a hacker group identifying itself as Anonymous Sudan. The disruption to the CIAL website persisted until approximately 10 PM on the same day, resulting in several hours of downtime for the airport's primary public-facing web portal. This incident was not isolated to Cochin airport; the websites of other major Indian airports, including those in Delhi, Mumbai, Hyderabad, and Goa, were also targeted by the same group in a coordinated campaign.

Prior to executing these attacks, Anonymous Sudan had issued a public warning of its intentions. The group utilized the Telegram messaging platform to announce that India would be a target for its activities until April 14, 2023. This warning provided a clear indication of the group's planned timeframe for disruptive actions but did not specify the exact targets or methods. Cyber experts have characterized Anonymous Sudan as a politically motivated hacktivist group. Its stated rationale for targeting India is a criticism of the persecution of minorities, making its actions a form of digital protest aligned with its ideological stance.
In response to the cyber attack, CIAL officials filed a formal complaint with the Ernakulam Rural Police. This led to the registration of a case on the night of Monday, April 10, 2023. The case was registered under specific sections of the Information Technology Act, namely Sections 43, 66, and 66F. These sections pertain to computer damage, computer-related offences, and the more serious charge of cyber-terrorism, reflecting the nature of the attack and its potential to cause widespread disruption. Following the registration of the case, a police team initiated an investigation by visiting CIAL's facilities to examine the affected computer systems.
The initial forensic examination by law enforcement determined that the impact of the attack was primarily limited to the availability of the website. The police investigation concluded that no major damage to the underlying computer systems or data had occurred. The attackers' success was confined to pumping a high volume of traffic toward the web servers, which saturated their capacity and made the website inoperable for the duration of the attack. No evidence was found to suggest a breach of the system's integrity or confidentiality, such as data exfiltration or installation of malware. The incident was contained to a temporary service outage.
The disruptive actions of Anonymous Sudan continued beyond the attack on the airport websites. On Monday, April 10, the same day CIAL filed its police complaint, the group shifted its focus to another critical sector. Again using Telegram, Anonymous Sudan announced it was targeting India's health sector. The group posted a message claiming that hospitals and the health sector were being taken offline because of what they were doing to Muslims. As part of this announcement, the group shared links to the websites of ten specific hospitals, one of which was identified as being based in Kerala. This demonstrated a pattern of behavior where the group publicly declared its motives and targets before or during its attacks.
The investigation into the attack on CIAL remained ongoing, with law enforcement working to understand the full scope of the incident and identify the perpetrators. The registration of the case under cyber-terrorism statutes indicated the seriousness with which authorities were treating the matter, given the critical infrastructure nature of an international airport. The probe aimed to gather technical evidence from the affected systems to trace the origin of the attack and build a case against the responsible parties. The public statement from a police officer confirmed the limited technical impact but affirmed the commitment to pursue the case. The incident highlighted the vulnerability of public-facing digital infrastructure to politically motivated DDoS campaigns designed to cause temporary disruption and generate publicity for the attackers' cause.
