Cyber Incident Victim: Hans Christian Andersen Airport
Date:
Apr 2023
Location:
Denmark
Summary
Hans Christian Andersen Airport was targeted by a significant DDoS attack, forcing it to postpone the launch of its new website. The attack caused the airport's primary website to remain offline for nearly 24 hours after the initial incident. The disruption led to a cautious approach from management, which decided to delay the site's public opening while continuing to assess the situation in the attack's aftermath.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around April 1, 2023, Hans Christian Andersen Airport, Odense Lufthavn, was subjected to a significant distributed denial-of-service (DDoS) attack. The attack targeted the airport's official website, overwhelming its servers with a flood of malicious traffic and rendering the site inaccessible to the public. The incident occurred over a weekend, causing an immediate and complete outage of the airport's primary online information portal. The scale of the attack was substantial, preventing normal operation and access to the website's services.
Nearly twenty-four hours after the initial attack commenced, the airport's website remained offline. The sustained nature of the outage indicated the severity and persistence of the DDoS campaign against the airport's digital infrastructure. The website's continued unavailability demonstrated the effectiveness of the attack in disrupting the airport's online presence and its ability to communicate and provide information to passengers and other stakeholders through its official channel.
In direct response to the ongoing attack and the inability to immediately restore stable service, the airport's management made a decisive operational choice. The planned reopening of the website was postponed. This decision to delay the restoration was a containment measure, taken to avoid further uncontrolled disruption and to allow airport IT personnel and any external security partners to assess the situation thoroughly. The leadership opted to adopt a cautious posture, choosing to wait out the situation rather than risk bringing the site back online prematurely, which could have resulted in another immediate takedown or further complications.
Hans Okholm Vejrup, the airport director, publicly confirmed the details of the incident and the airport's response strategy in a statement to the media outlet Computerworld on April 2, 2023. His confirmation served as the primary public acknowledgment of the cyber incident, providing factual details about the event's nature and the airport's current status. The impact of the incident was singularly focused on the public-facing website, affecting information dissemination. There was no indication or report from the airport director that the attack penetrated internal corporate networks, impacted flight operations systems, or compromised any sensitive passenger data. The disruption was confined to the availability of the web domain.
The airport's response actions were primarily focused on containment and assessment. The key immediate action was the decision to keep the website offline deliberately, a form of defensive takedown to starve the attack of its target and to prevent wasteful expenditure of resources on a futile restoration attempt while the attack was still active. This approach allowed the technical teams to work without the pressure of a live system under continuous assault. The public statement by the director was a crisis communication measure aimed at providing transparency about the cause of the outage and managing the expectations of customers seeking to use the website, thereby mitigating potential reputational damage by attributing the downtime to a malicious external attack rather than an internal failure.
The consequences of the attack were operational and reputational. The immediate consequence was the prolonged loss of a critical public communication tool for an extended period, spanning from the weekend into the following business day. This prevented passengers from accessing flight information, services, and other updates directly from the source. The incident also necessitated the allocation of internal resources to incident response and recovery efforts. Furthermore, the event publicly highlighted the airport's vulnerability to this type of cyber threat, potentially affecting its reputation for operational reliability and cybersecurity preparedness. The full extent of any financial impact or the specific identity and motives of the threat actors behind the DDoS attack were not disclosed in the available public reporting. The airport's management continued to monitor the situation to determine the appropriate time to safely restore full website functionality.