Cyber Incident Victim: Erfut-Weimar Airport
Date:
Feb 2023
Location:
Germany
Summary
A DDoS attack disrupted website accessibility at several German airports, with internal systems reportedly unaffected according to airport association officials. The incident followed unrelated passenger disruptions from an IT failure at a major transportation hub, though the two events were not linked. Administrators traced the website outages to malicious traffic patterns, corroborating suspicions of a deliberate cyberattack. Pro-Russian hacktivist group Killnet claimed responsibility, publicly connecting the attack to geopolitical opposition regarding military aid provisions. This mirrored prior months' disruptive campaigns by the same group targeting aviation sector websites domestically and internationally in retaliation for similar foreign policy decisions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 16, 2023, multiple German airports experienced disruptions when their public-facing websites became inaccessible due to distributed denial-of-service (DDoS) attacks. Ralph Beisel, chief executive of the ADV airport association, confirmed the attacks impacted airport websites but clarified other internal systems remained operational. The disruptions occurred one day after an unrelated IT failure at Frankfurt Airport caused cancellations and delays for Lufthansa passengers, compounding travel disruptions across Germany. Airport administrators attributed the website outages to abnormal malicious traffic patterns consistent with coordinated DDoS activity. A Dortmund Airport spokeswoman stated technicians were actively troubleshooting the issue and explicitly ruled out routine traffic overload as the cause, noting "there is reason to suspect it could be a hacker attack." The attacks temporarily blocked access to critical online services including flight information portals and customer-facing platforms, though physical airport operations continued without reported interference. Security professionals investigating the incidents identified similarities to earlier attack campaigns targeting German critical infrastructure.
The DDoS incidents followed a documented pattern of hacktivist activity by the pro-Russia group KillNet, which publicly called for attacks against German airports via its Telegram channel on February 16. This timing aligned directly with geopolitical developments, as German Chancellor Olaf Scholz had announced approval for supplying Leopard 2 tanks to Ukraine during a cabinet meeting on February 15. KillNet had previously claimed responsibility for DDoS attacks against German airports, government bodies, and financial institutions in early January 2023, explicitly citing retaliation against military support for Ukraine. Historical attack patterns showed the group's consistent focus on disruptive but non-destructive website takedowns rather than penetrating secured operational networks.
While no group officially claimed responsibility for the February 16 attacks during the initial response period, security analysts noted KillNet's prior October 2022 campaign against major U.S. airports employed identical DDoS tactics. Airport cybersecurity teams worked to restore website accessibility through traffic filtering and infrastructure hardening measures, though the full mitigation timeline remained unspecified in available reports. The incidents underscored persistent vulnerabilities in public-facing airport digital assets despite heightened vigilance following previous attacks, though containment procedures successfully prevented operational system compromises.