Cyber Incident Victim: Asiana Airlines
Date: Feb 2017
Location: South Korea
Summary
A South Korean airline's website was compromised via DNS hijacking, redirecting users to a defaced page displaying pro-Serbian political messages criticizing Albania and referencing Kosovo. The attacker, known as Kuroi’SH, claimed the hack aimed to raise awareness of geopolitical tensions, initially targeting Iberia Airlines but switching to the victim due to perceived privacy risks. The airline acknowledged the incident on social media, confirming unauthorized redirection and initiating recovery efforts, with services restored shortly after. No data breach or operational disruption beyond the temporary website defacement was reported. The hacker cited ideological motives unrelated to personal gain or nationality.
Description
On February 19, 2017, Asiana Airlines' official website was compromised by a hacker known as Kuroi’SH, resulting in a defacement incident. The attacker replaced the site's content with a political message expressing support for Serbia and condemning Albania, specifically referencing tensions over Kosovo. The defacement included a rant against the "NewBorn" monument in Pristina, Kosovo, with threats to destroy it, alongside an apology to Spain's Iberia Airlines, the hacker's original target, which was abandoned due to perceived privacy risks. Kuroi’SH claimed the attack was motivated by a desire to "spread the word" about Serbian-Albanian conflicts, though he clarified having no direct affiliation with Serbia. Technical analysis revealed that the breach occurred through DNS hijacking via Asiana's hosting provider: the compromised DNS configuration caused users attempting to access Asiana's website to be automatically redirected to the hacker's defaced page.

Asiana Airlines confirmed the DNS compromise through official Twitter statements on February 20, notifying customers about the redirection issue and advising them of temporary service disruptions. The airline immediately reported the incident to relevant authorities and initiated recovery procedures, publicly apologizing for operational inconveniences. By February 22, the website was fully restored to normal functionality. The attacker was already known for defacing Google Brazil and Google Vanuatu domains in previous campaigns. No data breach or financial system compromise was reported, with impacts limited to temporary website inaccessibility and reputational exposure from the political messaging. The incident concluded with service restoration without further escalation or disclosed collateral damage.
