Hamburg Airport has confirmed falling victim to a “hacker attack” targeting the IT system utilized for surveillance and logging of security patrols. The airport authority have also Killmilk/Just Evil group as the assailant behind this cyberattack.
The Just Evil/Killmilk hacker group previously claimed the Hamburg Airport cyberattack, asserting access to certain parts of the airport’s premises. The claim, posted in cryptic messages on social media platforms, suggested a breach of security protocols with detailed descriptions of airport locations and systems.
The post, which includes snippets of code and references to specific areas within the airport, has raised concerns about the vulnerability of critical infrastructure to cyber threats.
Hamburg Airport Cyberattack Confirmed with Intrusion to IT Systems
The Cyber Express reached out to the airport authorities for clarification on the alleged cyberattack on Hamburg Airport. In response, an spokesperson for the airport confirmed the attack, stating, “Hamburg Airport was affected by a hacker attack on an IT system used to monitor and document security patrols. The affected system is hosted separately by an external service provider and has no connection to other systems at the airport. The attack by the Killmilk/Just Evil group was repelled and no security-relevant information was accessed. “
While the airport’s website appears to be functioning normally, with no visible signs of disruption, the possibility of a targeted cyberattack on the backend systems cannot be ruled out. Moreover, the airport said that there was no impact on air traffic and “Hamburg Airport immediately contained the attack and implemented further security precautions.”
Adding to the intrigue surrounding these claims is the background of the individual behind Just Evil/Killmilk. Identified as Nikolai Serafimov, a 30-year-old Russian citizen, he is purportedly the leader of the infamous hacktivist group Killnet. Serafimov’s past involvement in criminal activities, including narcotics-related offenses and a stint in a Russian prison, adds a layer of complexity to the situation.
Who is the Killnet Hacker Group?
On August 1, 2022, “Killmilk” and its founder launched a cyber-attack on Lockheed Martin, citing retaliation for the U.S. supplying HIMARS systems to Ukraine. Accusing Lockheed Martin of sponsoring terrorism, the group targeted production systems and employee information. This marked a shift from their previous tactics of Distributed Denial-of-Service (DDoS) attacks.
Led by Serafimov, Killmilk had been involved in various cyber activities, including operating “Black Listing,” a DDoS-for-pay platform. Serafimov introduced “Black Skills,” a Private Military Hacking Company, indicating the increasing threat of cyber warfare by non-state actors.
The emergence of new tactics and entities like “Black Skills” highlights the new threat actor and its immovable plans for creating cyber conflict. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this story once we have a detailed investigation into the intrusion caused by the cyberattack.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
