Cyberattack on German airports, was Lufthansa disruption also a Killnet cyberattack?

Sicherheit (Pexels, allgemeine Nutzung)[German]On February 16, 2023 the websites of  several German airports were down due to DDoS attacks by suspected Russian cyber attackers. And this week Wednesday, after all, there was a Lufthansa IT outage that was originally attributed to fiber optic cable damage. Now the Russian hacker group Killnet is claiming the Lufthansa IT outage was the result of a cyberattack, as Germany supports Ukraine against Russian aggression. Hence, some cyber conspiracy theories to end the week.

DDoS attacks on German airports

Some blog readers has mentioned it within comments to my German blog post Luftikusse von der Lufthansa IT … (thanks). The facts: German airports were specifically attacked with DDoS (Distributed Denial-of-Service, constantly repeating requests to overload the web server), so that their websites were not or hardly accessible. Gerold wrote:

If it doesn't go well, it doesn't go well …

Websites of German airports disrupted
Status: 16.02.2023 12:29 o'clock

A hacker attack could be responsible for the failure of websites of several German airports. The troubleshooting is still ongoing. Effects on air traffic are not known so far.

German site tagesschau.de had reported in the article Webseiten deutscher Flughäfen gestört that a cyber attack could be responsible for the failure of websites of several German airports. At least the airports in Düsseldorf, Nuremberg, Dortmund, Hanover and Erfurt were affected. Through continuous access (DDoS), hacker groups from Russia attempted to overload the web servers. A spokesperson for Düsseldorf Airport told media:

We can confirm that our website is currently unavailable. The cause of the disruption has not been conclusively determined at this time; analyses by our IT partners are still ongoing.

According to nt-v a spokeswoman for Dortmund Airport said, "As things stand, we suspect a hacker attack. Our experts are currently working to solve the problem." At Nuremberg Airport, a spokesperson said, "We suspect so far that it is a DDoS attack." Ransomwaremap provided a list of affected airports in the following tweet.

DDoS attack on German airports Feb. 16, 2023

The Russian hacker group Killnet claims responsibility. The group attacks Western companies and organizations for helping Ukraine fight off the Russian aggressor that has invaded this country and is waging a war of extermination. These types of attacks usually pass after a few hours and have no impact on flight operations. It's more "show loud, there's something there" and at most kicks passengers who want to check out the airport's websites.

Killnet claims LH IT outage as cyber attack

Tuesday, Feb. 14, 2023, wasn't just Microsoft Patchday late in the evening. No, construction workers in Frankfurt had destroyed fiber optic cables during deep drilling during track construction work and then poured concrete over them. Caused communication failures in the surrounding area, which also affected a Lufthansa communication line.

Then, on Wednesday, February 15, 2023, there was a disruption in Lufthansa's IT systems, so that passenger handling was no longer possible. Frankfurt Airport was temporarily closed to arriving Lufthansa aircraft – the planes were diverted. This glitch was resolved after several hours. I had reported on the facts in the German blog post Glasfaser und Bahn-Bauarbeiter, oder wie man die Lufthansa lahm legt … & SAS kompromittiert (15. Feb. 2023).

Lufthansa IT took it easy, and had rolled out a major update to the mobile app in the wake of the outage since Tuesday evening and in light of Verdi's strike. In view of these reports, I was quite flashed when I saw the following tweet.

Killnet claims attack on German carrier Lufthansa; Feb. 15/16, 2023

The cybernews.com site writes here (Teller Report has already reported it here as of Feb. 15, 2023) that the Russian hacker group Killnet claims Lufthansa's IT disruption was the result of a cyberattack on its IT systems in retaliation for Germany's support of Ukraine.

The suspected leader of the KillMilk hacker group has claimed responsibility for the attack on Lufthansa to the Russian website Gazeta.ru, which belongs to the state-owned company Sberbank.

We killed the network of Lufthansa employees with 3 million requests per second with fat data packets.

These were experiments on rats that were successful.

Now we know how to take out every navigation and technical system of every airport in the world.

Who else wants to supply weapons to Ukraine?

So that would be a twist coming from a completely different direction: the failure of Lufthansa's IT systems could have been the result of a planned cyber attack. Whereby I don't understand how they could access the internal IT systems and overload them. The whole thing could also have been a boast by the hacker group – while the DDoS attack on German airport websites outlined above may well have been carried out by the group. Regarding the Lufthansa IT disruption, I'm currently reluctant to see this as a cyberattack. But maybe we will learn more soon.

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *