View on Amsterdam Schiphol International Airport showing cyber attack on air traffic control agency Eurocontrol

Russian Hackers Killnet Executed a Cyber Attack on European Air Traffic Control Agency Eurocontrol

A pro-Russian hacking group has carried out a cyber attack on Europe’s air traffic control agency. Eurocontrol said the attack by Russian hacking group Killnet affected its website but did disrupt flights or pose any threat to air traffic.

The group has since claimed responsibility for the attack and vowed to disrupt the agency’s operations for 100 hours.

Killnet targets organizations with distributed denial of service (DDoS) attacks by bombarding the target with junk Internet traffic preventing legitimate users from accessing online services.

The European Organization for the Safety of Air Navigation (EOSAN), also known as Eurocontrol, coordinates air traffic in 41 countries.

European air traffic control agency confirms Killnet cyber attack

Eurocontrol said its website was attacked on April 19 by pro-Russian hackers, causing access problems.

“The attack is causing interruptions to the website and web availability,” a Eurocontrol spokesperson said. “There has been no impact on European aviation.”

Consequently, the European air traffic control agency advised travelers to use alternative means of filing flight plans. The cyber attack also forced some airlines to use commercial solutions to manage flights. However, the cyber attack did not compromise the air traffic control agency’s internal systems, and the safety of air navigation was not at risk.

Nevertheless, an official admitted that the DDoS attack made air traffic control operations difficult. “It’s been a heavy cyber battle and while operations are entirely safe, doing other things has been difficult,” a Eurocontrol spokesperson told the Wall Street Journal.

However, the cyber attack did not cause any delays to commercial flights, according to the International Air Transport Association: “There has been no inconvenience to commercial air traffic, no disruption and no delays because of the cyberattack.”

According to the Wall Street Journal, at least 2,000 Eurocontrol employees could not access the organization’s internal and external communication tools.

Commenting on the Eurocontrol cyber attack, David Mitchell, Chief Technical Officer at HYAS, advised organizations to isolate operational technology from other IT systems.

“It is important for critical OT systems like Air Traffic Control, power & water to be air-gapped from other IT systems — primarily because OT systems can often be decade(s) old and do not have the normal software update cycle of IT systems,” he said.

Based on a 2021 report by Eurocontrol, the use of diverse technologies in air traffic control exposed the sector to a wide range of cyberattacks.

Cyber smackdown with Russian hackers

Killnet claimed responsibility for the cyber attack on the European air traffic control agency and promised a DDoS marathon for 100 hours.

“From today, a Eurocontrol marathon is being held, lasting 100 hours,” the group posted on its Telegram channel, threatening to cause “great discomfort” to European airlines.

This is hardly the first time Killnet has targeted the aviation industry. In October 2022, the pro-Russian hackers attacked 14 U.S. airports with DDoS attacks. U.S. airports impacted by Killnet DDoS attacks include Chicago O’Hare International Airport (ORD), Denver International Airport (DIA), Hartsfield-Jackson Atlanta International Airport (ATL), Denver International Airport (DIA), Los Angeles International Airport (LAX), Orlando International Airport (MCO), and Phoenix Sky Harbor International Airport (PHX).

In Europe, over two dozen airports have borne the brunt of Killnet’s cyber attacks, which aim to cause discomfort and incite the public against their governments for helping Ukraine.

In July 2021, Eurocontrol published a report showing that the aviation industry was ill-equipped to cope with cyber attacks from various cyber threat groups.

Pro-Russian groups have also targeted government services in countries assisting Kyiv militarily or imposing sanctions on Moscow since the full-scale Russian invasion of Ukraine began in February 2022.

In June 2022, Killnet targeted Lithuanian government websites with DDoS attacks after the country blocked shipments to the Russian enclave of Kaliningrad.