Cyber Incident Victim: LaGuardia Airport
Date: Oct 2022
Location: United States of America
Summary
A cyberattack attributed to a pro-Russian hacker group disrupted public-facing websites of multiple major U.S. airports, including LaGuardia, temporarily denying public access to flight information and congestion updates. The distributed denial-of-service (DDoS) attacks targeted web domains reporting wait times but did not compromise critical operational systems such as air traffic control or security infrastructure. While the attacks caused intermittent website outages at more than a dozen facilities, airport operations remained unaffected. Cybersecurity agencies collaborated with affected airports to mitigate the superficial attacks, which originated from within Russia but showed no direct evidence of state involvement. The incident was linked to the Killnet group, known for targeting Ukrainian allies since the onset of the Ukraine conflict.
Description
On October 10, 2022, multiple U.S. airports experienced cyberattacks targeting public-facing websites that display wait times and congestion data. The incident began around 3 a.m. ET when LaGuardia Airport's systems were compromised, prompting the Port Authority to notify the Cybersecurity and Infrastructure Security Agency (CISA). This marked the first reported attack in a series targeting over a dozen major airports, including Los Angeles International Airport (LAX), Chicago O'Hare International Airport, Des Moines International Airport, and later Denver International Airport. The attacks employed distributed denial-of-service (DDoS) techniques, overwhelming websites with artificial traffic to disrupt public access. Critical operational systems—including air traffic control, airline communications, and transportation security infrastructure—remained unaffected throughout the incident. By 10:30 a.m. ET, Hartsfield-Jackson Atlanta International Airport restored its website, confirming no operational impacts. LAX reported partial disruption of its FlyLAX.com site starting early morning, with full restoration occurring shortly before 1 p.m. ET.

The pro-Russian hacker group Killnet, active since the start of the Ukraine conflict, claimed responsibility for the attacks. Cybersecurity firm Mandiant identified the group as the likely perpetrator but noted no evidence of direct Russian government involvement. Denver International Airport, the nation's third busiest, faced sustained attacks beginning around 11 a.m. ET, though these caused minimal disruption. Airport personnel collaborated with CISA, the FBI, and TSA to monitor threats and share intelligence. Engineers worked to close vulnerabilities exploited in the attacks and reinforce critical infrastructure. While Senator Chuck Schumer publicly linked the incident to geopolitical tensions following Ukraine's Crimea bridge strike, officials emphasized the attacks' limited scope—causing temporary public inconvenience rather than compromising safety systems. All affected airports restored public website access within hours, with no reports of lasting operational consequences.
