Cyber Incident Victim: Flughafen Dortmund
Date:
Feb 2023
Location:
Germany
Summary
Multiple German airports experienced website outages caused by distributed denial-of-service (DDoS) attacks targeting their online infrastructure, though core operational systems remained unaffected. The incident, attributed by experts to the pro-Russia group Killnet, marked a recurrence of similar attacks linked to geopolitical tensions over military support for Ukraine. Administrators confirmed disruptions stemmed from malicious traffic rather than routine overload, aligning with the group's stated retaliation for German tank deliveries to Ukraine. This followed prior cyber campaigns by the same actors against airport websites in Germany and the U.S., reinforcing patterns of hacktivist activity against critical infrastructure in response to foreign policy decisions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
A recent cyberattack targeted several German airports, including Dortmund Airport, causing their websites to become unreachable. The attack was identified as a Distributed Denial-of-Service (DDoS) attack, which overwhelmed the websites with malicious traffic. This type of attack is designed to make a system or network resource unavailable by flooding it with a high volume of traffic from multiple sources.
The attack on the German airports was not an isolated incident, but rather part of a larger campaign of cyberattacks carried out by the pro-Russia hacktivist group Killnet. This group has been linked to several high-profile cyberattacks in the past, including attacks on US airports and other critical infrastructure targets. Killnet's motivation for the attack on the German airports was reportedly Germany's decision to send tanks to Ukraine, which the group saw as a provocative move.
The attack on the German airports was carried out in a coordinated manner, with multiple airports affected simultaneously. The airports' websites were flooded with traffic from compromised devices, making it impossible for legitimate users to access them. The attack did not impact other airport systems, such as air traffic control or security systems, but it did cause significant disruptions to the airports' operations.
The impact of the attack was felt by travelers and airport staff alike. Many passengers were unable to access the airports' websites to check flight information or print boarding passes, leading to frustration and delays. Airport staff were also affected, as they were unable to access critical systems and information. The attack highlighted the vulnerability of critical infrastructure to cyberattacks and the potential consequences of such attacks.
The German authorities quickly responded to the attack, launching an investigation and working to restore the airports' websites. The airports' IT teams worked to mitigate the attack and restore access to their systems. The investigation into the attack is ongoing, but it is clear that the attack was carried out by a sophisticated and well-organized group.
The attack on the German airports is a reminder of the ongoing threat of cyberattacks to critical infrastructure. As more and more systems become connected to the internet, the potential for cyberattacks increases. The attack highlights the need for organizations to have robust cybersecurity measures in place to protect against such attacks. It also underscores the importance of international cooperation and information sharing in the fight against cybercrime.
Killnet's claim of responsibility for the attack highlights the group's brazen and provocative approach to cyberattacks. The group's motivation for the attack was clearly political, and the attack was designed to send a message to the German government. The attack is a reminder that cyberattacks can be used as a tool of political protest and that such attacks can have significant consequences.
The attack on the German airports is part of a larger trend of cyberattacks on critical infrastructure. Such attacks have the potential to cause significant disruptions to critical systems and services, and can have serious consequences for public safety and security. The attack highlights the need for organizations to prioritize cybersecurity and to take steps to protect against such attacks.
The investigation into the attack is ongoing, and it is likely that more information will come to light in the coming days and weeks. However, it is clear that the attack was a sophisticated and well-organized effort, carried out by a group with significant resources and expertise. The attack is a reminder of the ongoing threat of cyberattacks and the need for organizations to be vigilant in protecting against such attacks.