Cyber Incident Victim: Manchester Airport

On October 30, 2023, Manchester Airport’s website became inaccessible to users during the afternoon hours following a cyberattack. A Russian hacking group known as UserSec claimed responsibility for the disruption via a Telegram post, identifying Manchester Airport as the first target in a planned series of attacks against UK airports that day. The group stated the website would remain offline until 8:30 PM Moscow time (5:30 PM UK time), though the site was restored by approximately 4:15 PM UK time—over an hour earlier than the hackers’ declared timeframe. Manchester Airport acknowledged the cyberattack affecting its website but did not confirm UserSec’s involvement, emphasizing that airport operations, including flight schedules, remained unaffected. Passengers were advised they would not face travel disruptions as a result of the incident. Initial analysis indicated the attack was a distributed denial-of-service (DDoS) incident, a method involving overwhelming a system with traffic to render it inoperable.

The National Cyber Security Centre (NCSC), a UK government body, was confirmed to be investigating the attack. UserSec, alongside another group identified as Anonymous Russia, had previously claimed responsibility for cyberattacks on London City Airport and Birmingham Airport on July 19, 2023, which similarly caused website outages. No technical details regarding Manchester Airport’s mitigation efforts were disclosed, though the swift restoration of service suggested existing defensive measures limited the attack’s duration. The incident did not compromise passenger data or critical airport infrastructure, with impacts confined to the public-facing website’s temporary unavailability. Manchester Airport’s communications focused on operational continuity, avoiding engagement with the attackers’ claims while relying on national cybersecurity authorities to assess attribution and broader implications.