Cyberattacks reported at US airports

boonchai wedmakawand/Getty Images

(NEW YORK) — Some of the nation’s largest airports have been targeted for cyberattacks Monday by an attacker within the Russian Federation, a senior official briefed confirmed to ABC News.

Importantly, the systems targeted do not handle air traffic control, internal airline communications and coordination, or transportation security.

“It’s an inconvenience,” the source said.

The attacks have resulted in targeted “denial of public access” to public-facing web domains that report airport wait times and congestion.

Over a dozen airport websites were impacted by the “denial of service” attack, John Hultquist, head of intelligence analysis at cybersecurity firm Mandian, told ABC News. That type of attack essentially overloads sites by jamming them with artificial users.

“Killnet,” a pro-Russian hacker group, is believed to be behind the attack, according to Hultquist. While similar groups have been found to be fronts for state-backed actors, Hultquist said there is no evidence the Russian government was involved in directing this attack.

The attacks were first reported around 3 a.m. ET when the Port Authority notified the Cybersecurity and Infrastructure Security Agency that the LaGuardia Airport system had been hit. LaGuardia has been restored, but other airports around the country have subsequently been targeted.

The websites for Des Moines International Airport, Los Angeles International Airport (LAX) and Chicago O’Hare International Airport appeared impacted Monday morning.

Hartsfield-Jackson Atlanta International Airport reported around 10:30 a.m. ET that its site is back up and running and that “at no time were operations at the airport impacted.”

“Early this morning, the FlyLAX.com website was partially disrupted,” LAX said in a statement to ABC News. “The service interruption was limited to portions of the public facing FlyLAX.com website only. No internal airport systems were compromised and there were no operational disruptions.”

The group “Killnet” has been active since the beginning of the war in Ukraine, targeting Ukrainian allies and recently claiming credit for taking down government websites in the U.S. They operate internationally and have been known to carry out attacks across Europe, according to cybersecurity experts.

Engineers and programmers are actively working to close backdoors that allowed the attacks and shoring up more critical computer infrastructure.

Jamming attacks like the one seen Monday morning are highly visible but largely superficial and often temporary, Hultquist said.

Copyright © 2022, ABC Audio. All rights reserved.