Cyber Incident Victim: Karlsruhe/Baden-Baden Airport
Date:
Feb 2023
Location:
Germany
Summary
The websites of multiple German airports became unreachable due to a large-scale DDoS attack, disrupting online services but leaving other critical systems operational. The incident, attributed to malicious traffic by administrators, occurred shortly after an unrelated IT failure caused passenger disruptions at a major hub. A pro-Russia hacktivist group, Killnet, claimed responsibility for the attack, framing it as retaliation for Germany's military support of Ukraine. This mirrors prior operations where the same group targeted U.S. airports and earlier German infrastructure, leveraging coordinated DDoS campaigns as geopolitical protest.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 16, 2023, the websites of multiple German airports, including Karlsruhe/Baden-Baden Airport, experienced widespread disruptions due to distributed denial-of-service (DDoS) attacks. ADV airport association chief executive Ralph Beisel confirmed the malicious activity, clarifying that while airport websites became unreachable, core operational systems such as flight scheduling and safety controls remained unaffected. The incident occurred amid heightened vulnerability, following an unrelated IT failure at Frankfurt Airport on February 15 that caused significant Lufthansa flight cancellations and delays. Airport administrators identified abnormal traffic patterns inconsistent with regular usage spikes, leading Dortmund Airport representatives to publicly state that technical teams were troubleshooting what they suspected to be a deliberate cyberattack. The coordinated targeting impacted critical public-facing services, though the airports maintained physical operations without major interruptions. Security teams worked to mitigate incoming malicious traffic and restore website availability, though specific technical countermeasures or duration of outages were not detailed in initial reports.
The pro-Russia hacktivist group Killnet claimed responsibility for the attacks, aligning them with prior DDoS campaigns against German critical infrastructure in January 2023. Killnet's Telegram channels explicitly cited retaliation against Germany’s decision to supply Leopard 2 tanks to Ukraine, announced by Chancellor Olaf Scholz’s government on February 15. This attack mirrored Killnet’s October 2022 disruption of U.S. airport websites, demonstrating recurring tactics against aviation targets. While no data breaches or system compromises beyond temporary website inaccessibility were confirmed, the incident underscored persistent vulnerabilities in public sector digital infrastructure. The DDoS campaign coincided with existing operational stresses from the Frankfurt IT failure, though investigations found no evidence linking the two disruptions. No ransom demands or secondary follow-up attacks were disclosed in immediate aftermath reports, with impact assessments focusing exclusively on service availability degradation rather than financial or safety consequences.