Some of the country’s largest airports have been targeted cyber attack Monday by a striker in the Russian Federation, a senior official confirmed the situation to ABC News.
Importantly, the targeted systems do not handle air traffic control, internal airline communication and coordination or transport security.
“It’s a hassle,” the source said. The attacks have resulted in targeted “denial of public access” to public-facing web domains reporting airport wait times and congestion.
Over a dozen airport websites were affected by the “denial of service” attack, John Hultquist, head of intelligence analysis at cybersecurity firm Mandiant, told ABC News. That type of attack essentially overloads websites by jamming them with artificial users.
“Killnet,” a pro-Russian hacker group, is believed to be behind the attack, according to Hultquist. While similar groups have been found to be fronts for state-backed actors, Hultquist said there is no evidence that the Russian government was involved in directing this attack.
The attacks were first reported around 03:00 ET when the Port Authority notified the Cybersecurity and Infrastructure Security Agency that the LaGuardia Airport system had been compromised. LaGuardia has been restored, but other airports around the country have subsequently been targeted.
The websites for Des Moines International Airport, Los Angeles International Airport (LAX) and Chicago O’Hare International Airport appeared to be affected Monday morning.
Hartsfield-Jackson It was reported by the Atlanta International Airport around. 10:30 a.m. ET that its website is back up and running and that “operations at the airport were not affected at any time.”
“Early this morning, the FlyLAX.com website was partially disrupted,” LAX said in a statement to ABC News. “The service disruption was limited to portions of the public facing only the FlyLAX.com website. No internal airport systems were compromised and there were no operational disruptions.”
LAX said its website was up shortly before 8 p.m. 13 A.M.
The group “Killnet” has been active since the beginning of the war in Ukraine, targeting Ukrainian allies and recently claiming credit for taking down government websites in the United States. They operate internationally and have been known to carry out attacks across Europe, according to cyber security experts.
Engineers and programmers are actively working to close backdoors that allowed the attacks and support more critical computing infrastructure.
Jamming attacks like the one seen Monday morning are highly visible but largely superficial and often temporary, Hultquist said.
ABC News’ Alex Stone contributed to this report.