
Cyber Incident Victim: Chicago Department of Aviation

Date: Oct 2022

Location: United States of America

Summary

A pro-Russian hacker group known as Killnet conducted distributed denial-of-service attacks targeting public-facing websites of multiple major U.S. airports, including Chicago's O'Hare and Midway international airports. The attacks temporarily disrupted access to flight information portals reporting wait times and congestion but did not compromise internal systems, air traffic control, security operations, or flight schedules. While the incident caused public confusion and required website restoration efforts, operational impacts were minimal. The group, active since Russia's invasion of Ukraine, claimed responsibility through its Telegram channel, with cybersecurity analysts attributing the motivation to retaliation for U.S. support of Ukraine. Federal agencies including CISA and the FBI monitored the attacks, which affected over a dozen airports nationwide.


Description

On October 10, 2022, a series of cyberattacks targeted the public-facing websites of multiple major U.S. airports, including Chicago O’Hare International Airport and Midway International Airport, operated by the Chicago Department of Aviation. The attacks began around 3:00 a.m. Eastern Time when the Port Authority of New York and New Jersey notified the Cybersecurity and Infrastructure Security Agency (CISA) that LaGuardia Airport’s systems had been compromised. Subsequently, the websites for Chicago’s airports—flychicago.com and related domains—became inaccessible, remaining offline until approximately noon local time. Similar disruptions affected at least a dozen other airports, including Los Angeles International Airport (LAX), Hartsfield-Jackson Atlanta International Airport, Des Moines International Airport, and Denver International Airport. The attacks were identified as distributed denial-of-service (DDoS) incidents, a method that overwhelms websites with artificial traffic to render them unavailable to legitimate users. Pro-Russian hacker group Killnet claimed responsibility for the coordinated campaign, publishing a target list on its Telegram channel the night prior. Cybersecurity firm Mandiant attributed the attacks to Killnet, noting the group’s history of targeting Ukrainian allies since Russia’s invasion of Ukraine. While the attacker’s infrastructure was traced to the Russian Federation, U.S. officials and analysts found no evidence of direct Russian government involvement in orchestrating the incident.

The attacks exclusively disrupted public web domains reporting wait times, congestion data, and general airport information, with no impact on internal operational systems such as air traffic control, airline communications, security screening, or flight schedules. Chicago Department of Aviation officials confirmed no flights or safety-critical infrastructure were affected, emphasizing the incident’s limitation to “public-facing” online resources. Similar statements were issued by LAX, Atlanta, and Denver airports, all of which restored full website functionality by early afternoon ET through collaborative efforts with cybersecurity teams. Chicago’s Information Security Office, part of the Department of Assets, Information and Services, initiated an investigation to determine the root cause while coordinating with CISA and the FBI. Denver International Airport reported ongoing attacks starting at 11:00 a.m. local time but noted minimal operational impact due to proactive monitoring and information-sharing with federal agencies. The incident’s primary consequence was temporary public inconvenience and heightened media attention, with experts like University of Illinois’ Sheldon H. Jacobson characterizing the disruptions as superficial yet strategically aimed at sowing confusion and projecting symbolic retaliation for U.S. support of Ukraine. Engineers worked to mitigate vulnerabilities and fortify critical infrastructure against future attacks, though no long-term operational or financial damages were reported by any affected airport.
