
Cyber Incident Victim: Chicago O'Hare International Airport

Date: Oct 2022

Location: United States of America

Summary

A pro-Russian hacker group known as Killnet conducted distributed denial-of-service attacks targeting public-facing websites of multiple major U.S. airports, including Chicago O'Hare and Midway International Airports. The attacks temporarily disrupted access to flight information portals reporting wait times and congestion but did not compromise internal systems, air traffic control, security operations, or flight schedules. While the websites for Chicago's airports and others like Los Angeles International Airport and Hartsfield-Jackson Atlanta were intermittently unavailable, all operational infrastructure remained unaffected. Cybersecurity agencies confirmed the attacks originated from within Russia but found no direct evidence of state involvement. The group's actions aimed to create public confusion by exploiting highly visible digital platforms without causing physical disruptions.


Description

On October 10, 2022, pro-Russian hacker group Killnet executed distributed denial-of-service (DDoS) attacks against public-facing websites of at least a dozen major U.S. airports, including Chicago O'Hare International Airport and Chicago Midway International Airport. The attacks began around 3:00 a.m. ET when the Port Authority notified the Cybersecurity and Infrastructure Security Agency (CISA) about LaGuardia Airport's compromised systems. Subsequent targets included Hartsfield-Jackson Atlanta International Airport, Los Angeles International Airport (LAX), and Denver International Airport, with Chicago's flychicago.com experiencing outages until approximately noon local time. Killnet publicly claimed responsibility through its Telegram channel, having published a target list the preceding night. Forensic analysis traced the attacks to infrastructure within the Russian Federation, though U.S. officials found no evidence of direct Russian government involvement.


The attacks exclusively disrupted public web domains displaying airport wait times and congestion data, overwhelming sites with artificial traffic to render them inaccessible. No internal operational systems—including air traffic control, airline communications, baggage handling, or Transportation Security Administration infrastructure—were compromised. The Chicago Department of Aviation confirmed flight operations remained unaffected, with LAX reporting only "partial disruption" to flylax.com and Denver noting unsuccessful attempts to overwhelm its site. Most airports restored functionality within hours through traffic filtering and server adjustments, though Denver reported continuous attack attempts throughout the day. Response coordination involved CISA, the FBI, the Department of Homeland Security, and local cybersecurity teams, with airports sharing threat intelligence while engineers worked to close vulnerabilities. The incident's primary impact centered on temporary passenger inconvenience and heightened public concern, with experts characterizing the attacks as psychological operations exploiting high-profile targets to amplify perceived disruption.
