Cyber Incident Victim: Flughafen Hannover-Langenhagen
Date:
Feb 2023
Location:
Germany
Summary
Several German airports, including Hannover Airport, experienced website disruptions due to distributed denial-of-service (DDoS) attacks attributed to the pro-Russia hacktivist group Killnet. The attacks rendered their public websites unreachable but did not impact other operational systems, as confirmed by airport administrators and the ADV airport association. Killnet initiated the offensive in response to Germany's decision to supply tanks to Ukraine, consistent with prior campaigns targeting critical infrastructure; the group had previously attacked U.S. airports and German entities following similar geopolitical triggers. Malicious traffic was identified as the cause, with officials ruling out routine overloads. This incident occurred amid unrelated IT failures affecting flight operations elsewhere in the country.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 16, 2023, multiple German airport websites experienced widespread outages due to distributed denial-of-service (DDoS) attacks, marking another incident targeting the country's critical transportation infrastructure. The attacks occurred one day after an unrelated IT failure disrupted Lufthansa operations at Frankfurt Airport, compounding travel challenges during the period. Ralph Beisel, chief executive of Germany's ADV airport association, confirmed the technical issues stemmed from malicious DDoS activity while emphasizing that core operational systems at affected airports remained unaffected. Although specific airports were not enumerated in all reports, administrators indicated multiple facilities encountered website inaccessibility caused by abnormal traffic patterns characteristic of coordinated attacks. A Dortmund Airport spokeswoman indicated technicians were actively troubleshooting while acknowledging the anomalies suggested deliberate sabotage rather than organic system overloads, stating there was "reason to suspect it could be a hacker attack."
Pro-Russian hacktivist group KillNet claimed responsibility for the coordinated DDoS campaign via its Telegram channel the same day, framing the attacks as retaliation against Germany’s decision to supply Leopard 2 tanks to Ukraine. This mirrored KillNet's January 2023 attacks against German airports, financial institutions, and government websites, which similarly protested Western military support for Ukraine. Though the February 16 attack exclusively disrupted public-facing websites without compromising internal aviation systems, it hampered passengers' ability to access flight information, airport services, and operational updates online. The incident coincided with geopolitical tensions following Chancellor Olaf Scholz's cabinet meeting on February 15, where Germany authorized supplying 14 tanks and lifted export restrictions for allied nations to send additional units. Cybersecurity investigators noted tactical similarities to KillNet's October 2022 DDoS operations against major U.S. airports, confirming the group's persistent focus on aviation sector targets as symbolic retaliation vectors. No data breaches or extended operational disruptions beyond website availability were confirmed in the immediate aftermath of the attacks.