Posted on April 23, 2023 at 7:48 AM

European air traffic control reveals DDoS attack by Russian hacktivist group

Russian hacktivist groups have remained increasingly active since the war between Russia and Ukraine started. These groups have targeted several Western agencies and organizations, the latest target being Europe’s air-traffic agency. The agency was targeted by Pro-Russian hackers seeking to disrupt air travel.

Pro-Russian hackers target European air traffic control

The attack was confirmed on Friday last week by Eurocontrol. The agency said that its website had been under attack since April 19. Eurocontrol attributed the breach to pro-Russian hackers, saying they claimed responsibility.

A spokesperson from the company noted that this exploit had triggered an interruption on the website and affected web availability. However, they noted that this attack had not caused any effect on European aviation.

Eurocontrol is an agency that controls commercial traffic between 41 states within the European Union and their national air traffic control organizations. The outage hacked by the hackers allegedly affected the communication systems at Eurocontrol. It also resulted in smaller airlines turning towards older technology to manage flight schedules. The backup includes a fax-era backup system.

Eurocontrol has yet to share in-depth details about this breach, such as the affected systems and when its websites would be fully restored. Moreover, Eurocontrol did not name the threat actor group behind this exploit.

The Russian hacktivist group known as KillNet had claimed responsibility for this attack. According to a message published on its Telegram channel, the group claimed it was behind this attack. The message from the hackers read, “From today, a Eurocontrol marathon is being held, lasting 100 hours.”  

The Wall Street Journal first reported the hacking attack on Eurocontrol. The report cited a senior official at the agency familiar with the situation. The official said that the attack did not compromise air traffic safety. However, it affected the internal and external communication at the agency.

Following this exploit, 2,000 employees were forced to look for other commercial communication tools. The official referred to the attack as “a heavy cyber battle,” adding that while operations were safe, the exploit had made it difficult to conduct other operations.

KillNet group attributed to several pro-Russia hacks

The KillNet hacking group is notorious for conducting DDoS attacks. In October last year, the hacking group claimed responsibility for taking down over a dozen websites for US airports after conducting a large-scale DDoS exploit. In February, the group was also linked to an exploit on German airport websites.

These hacking attacks usually do not require the hackers to have much technical know-how. These groups can use open-source DDoS tools readily available on the dark web. They later use these tools to target an organization’s network with junk traffic to take it offline.

The availability of DDoS tools and the less complex nature of these attacks made them ideal for hackers looking to gain popularity. However, if an organization has set up robust security measures, these attacks barely cause any damage as they will be mitigated before causing the intended damage.

The KillNet hacking group does not use sophisticated techniques to conduct its attacks as it mostly launched DDoS campaigns. The group has become popular as a pro-Russian DDoS hacking group, with its attack patterns showing that it had sided with Russia in the ongoing war with Ukraine.

The group has also urged other pro-Russian hacking groups to launch DDoS campaigns to bring adversaries’ networks offline. The group usually targets critical infrastructure websites in Europe and the United States. These attacks come as the West continues to increase its support for Ukraine.

One of the latest attacks the group conducted was a DDoS campaign that took down the websites of nine Danish hospitals for a few hours. The attack happened in February, but it did not have any major effect on the operations of these medical centers or the digital infrastructure.

KillNet is not the only hacking group conducting these types of attacks. Earlier this year, another hacking group known as Anonymous Sudan claimed responsibility for a DDoS attack that targeted the websites of the German foreign intelligence service and the Cabinet of Germany. Anonymous Sudan said that the attack supported KillNet and was a response to Germany’s plan to send tanks to Ukraine.

A leaked US intelligence report focusing largely on the efforts made by the Ukraine military against the Russian army warned that Russian hacktivist groups infiltrated a Canadian gas infrastructure company this year and obtained instructions from Russian intelligence. This breach highlights the danger posed by these groups.