Cyber Incident Victim: Flightradar24
Date:
Sep 2020
Location:
Sweden
Summary
Two major flight tracking services experienced severe service disruptions due to a series of coordinated cyberattacks, with one platform suffering three attacks within two days and the other targeted multiple times. The incidents caused temporary outages, preventing users from accessing live flight data feeds, though services were later restored. Both platforms, utilized by millions globally for real-time aircraft tracking, provide critical details such as flight numbers, aircraft models, speed, and destination information. The attacks highlighted vulnerabilities in widely relied-upon aviation tracking systems, though the specific motives or perpetrators behind the campaign were not disclosed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late September 2020, Flightradar24 and PlaneFinder, two prominent real-time flight tracking platforms, experienced severe service disruptions due to coordinated cyberattacks. Flightradar24 sustained three separate attacks within a two-day period, while PlaneFinder was targeted multiple times in quick succession. The attacks occurred around September 27-29, with PlaneFinder confirming operational issues via Twitter and requesting user patience during restoration efforts. Both platforms, which collectively served millions of registered users and tracked thousands of daily flights globally, became intermittently inaccessible. PlaneFinder's live feed interruption was specifically documented at 12:40 PM GMT on Tuesday, September 29, rendering flight data unavailable until partial service restoration occurred prior to the publication of confirmation reports later that day. The incident represented a sustained campaign against aviation tracking infrastructure, though no threat actor claimed responsibility or disclosed motives during the immediate aftermath.
The cyberattacks disrupted critical flight information services used by aviation enthusiasts and travelers worldwide, preventing access to real-time aircraft tracking data including flight numbers, aircraft models, altitude, speed, and destination details. PlaneFinder's ADS-B and MLAT data-sharing functionality for registered users was compromised during the outages, along with its historical flight replay feature containing records dating back to 2011. Both organizations implemented incident response measures focused on service restoration rather than public attribution, with PlaneFinder prioritizing system recovery while communicating directly with users through social media channels. The operational impact demonstrated vulnerabilities in specialized tracking platforms that aggregate and disseminate aviation telemetry, though neither company disclosed technical details regarding attack vectors, data breaches, or permanent system damage. Service normalization timelines differed between platforms, with PlaneFinder achieving partial recovery within hours while Flightradar24's restoration progress remained unspecified beyond confirmation of multiple attack waves.