Cyber Incident Victim: Copenhagen Airport
Date:
Feb 2023
Location:
Denmark
Summary
A cyber incident disrupted website operations at Copenhagen Airport and several other Danish airports, causing irregular access where some users experienced outages while others could still reach the sites. The hacktivist group Anonymous Sudan claimed responsibility via Telegram, explicitly citing Quran burnings as motivation and listing multiple airport domains as targets. The group had previously targeted Swedish media infrastructure for similar reasons, stressing ideological retaliation. While airport websites faced intermittent availability, travelers were advised to use the airport's mobile app for flight information. Anonymous Sudan additionally issued prior warnings of an impending attack against Denmark, indicating coordinated intent to disrupt critical digital services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On the morning of February 22, 2023, Copenhagen Airport experienced significant disruptions affecting its official website, with users reporting inconsistent accessibility. Some could access the site as normal, while others encountered complete outages. The airport’s press officer, Julie Boll, confirmed these “irregularities” and advised travelers to use the airport’s mobile app for real-time flight information during the disruption. Concurrently, Midtjyllands Airport and Roskilde Airport faced similar website accessibility issues, though the article does not specify the exact timeline of these secondary outages. Copenhagen Airport’s communications team initiated an investigation into the root cause but did not immediately release technical details about the nature of the disruption. No operational impacts to physical airport infrastructure, flight schedules, or passenger safety systems were reported, indicating the incident primarily targeted public-facing digital services.
The hacktivist group Anonymous Sudan claimed responsibility for the attacks via a Telegram post on the same day, linking the disruption to protests against Quran burnings in Denmark. Their post featured an image of a plane crashing in a desert, accompanied by a list of 13 Danish airports whose websites they allegedly targeted, including Copenhagen, Billund, Aarhus, and several regional facilities. This followed a February 21 Telegram warning from the group, which included a hooded figure near pyramids and a message explicitly naming Denmark as their next target due to the same motive. Anonymous Sudan had previously targeted Swedish broadcaster SVT on February 14, 2023, using an identical justification tied to Quran desecration incidents. The group’s statements framed the disruptions as retaliation against the Danish state rather than individual travelers, though their post acknowledged potential inconvenience to citizens. No technical details regarding attack methods (e.g., DDoS, defacement) or evidence of data breaches were disclosed in the source material.