Cyber Incident Victim: Dusseldorf Airport
Date:
Feb 2023
Location:
Germany
Summary
Multiple German airports suffered website outages due to distributed denial-of-service (DDoS) attacks, rendering their sites unreachable and disrupting public access. While airport systems remained operational, administrators attributed the disruptions to malicious traffic, ruling out routine overloads. A pro-Russia hacktivist group, Killnet, claimed responsibility, aligning the attacks with previous campaigns targeting German infrastructure in response to military support for Ukraine. The incident occurred shortly after unrelated IT issues caused travel disruptions for a national airline at a major hub, though no broader operational impacts were reported. This marks a recurring pattern following geopolitical decisions, with Killnet similarly targeting U.S. airport websites in prior months.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 16, 2023, the websites of multiple German airports became unreachable due to distributed denial-of-service (DDoS) attacks, disrupting public access to critical online services. Administrators at affected airports, including Dortmund, confirmed technical investigations ruled out routine overloads as the cause, with a Dortmund Airport spokeswoman explicitly stating suspicions of malicious hacker activity. The ADV airport association's chief executive, Ralph Beisel, validated these assessments, confirming a coordinated DDoS campaign had targeted airport websites while clarifying that internal airport systems—such as flight operations, baggage handling, and security infrastructure—remained unaffected. The incident occurred one day after an unrelated IT failure at Frankfurt Airport caused significant Lufthansa flight cancellations and delays, compounding passenger disruptions across Germany’s air travel network. Attackers overwhelmed airport websites with malicious traffic, rendering them inaccessible to users attempting to check flight statuses, service information, or operational updates.
The pro-Russia hacktivist group Killnet claimed responsibility for the attacks, issuing a call to action against German airports through its Telegram channel on February 16—a reprisal for Germany’s decision to supply Leopard 2 tanks to Ukraine, as announced by Chancellor Olaf Scholz’s cabinet on February 15. This mirrored prior Killnet campaigns, including January 2023 DDoS attacks against German airports, banks, and government bodies, and October 2022 assaults on U.S. airport websites. Airport IT teams initiated immediate troubleshooting and mitigation procedures, though restoration timelines were not disclosed. Beisel emphasized the incident’s limited technical scope, confirming no secondary system compromises beyond the public-facing web portals. Despite the restricted operational impact, the attacks highlighted recurring vulnerabilities in aviation sector web infrastructure to politically motivated DDoS campaigns during heightened geopolitical tensions.