
Cyber Incident Victim: Phoenix Sky Harbor Airport

Date: Oct 2022

Location: United States of America

Summary

A pro-Russian hacktivist group known as KillNet conducted distributed denial-of-service (DDoS) attacks against multiple major U.S. airports, including Phoenix Sky Harbor International Airport, overwhelming their websites with fake traffic and rendering them inaccessible or intermittently offline. The attacks disrupted travelers' ability to access flight updates or book services, though flight operations themselves were unaffected. KillNet, which had previously targeted entities in NATO-aligned countries supporting Ukraine, utilized custom software to generate malicious traffic and publicly listed the airport domains on its Telegram channel prior to the attacks. This incident marked an expansion of the group's focus to include U.S. targets following earlier DDoS campaigns against state government websites.

Description

On October 10, 2022, the pro-Russian hacktivist group KillNet launched distributed denial-of-service (DDoS) attacks against multiple U.S. airport websites, including Phoenix Sky Harbor International Airport (PHX). The attacks overwhelmed the servers hosting these sites with excessive garbage traffic, rendering them inaccessible to legitimate users. KillNet had previously listed the targeted domains, including Phoenix Sky Harbor’s, on its Telegram channel, where members coordinated the attacks using custom software designed to generate fake requests. This caused the Phoenix Sky Harbor website to return database connection errors, preventing travelers from accessing flight updates or booking airport services. Other major airports affected included Hartsfield-Jackson Atlanta International Airport (ATL), Los Angeles International Airport (LAX), Chicago O’Hare International Airport (ORD), Orlando International Airport (MCO), and Denver International Airport (DIA), alongside facilities in Kentucky, Mississippi, and Hawaii. While the attacks did not disrupt actual flight operations, they impaired critical digital services, creating potential delays and inconveniences for passengers reliant on web-based information.

The incident marked an escalation in KillNet’s targeting of Western entities aligned with Ukraine, following prior attacks against government and infrastructure sites in European nations like Romania, Italy, Norway, and Lithuania. The group’s expansion to U.S. targets coincided with heightened geopolitical tensions, as the U.S.—a leading NATO member—provided military and intelligence support to Ukraine amid Russia’s invasion. KillNet had shifted focus to U.S. state government websites in Colorado, Kentucky, and Mississippi the week before the airport attacks, though with limited success. The DDoS campaign against airports represented a broader strategy to disrupt economic sectors and retaliate against nations opposing Russian interests. No technical mitigation efforts or responses from the affected airports were detailed in available reports, but the attacks underscored the vulnerability of public-facing infrastructure to hacktivist disruptions during periods of international conflict.
