In the latest cybersecurity news, multiple cyber attacks on Canadian airports have caused disruptions. Canada is experiencing a setback of cyber threats from pro-Russian hacking groups targeted to launch cyber attacks on Canadian airports.
These Canadian airports’ cyber attacks led to widespread service disruptions, affecting check-in kiosks and electronic gates. The Canada Border Services Agency (CBSA) confirmed that the attack caused delays in processing arrivals, lasting over an hour at border checkpoints across the country.
“The Canada Border Services Agency (CBSA) can confirm that connectivity issues that affected kiosks and electronic gates at airports on Sunday, September 17, 2023, are the result of a distributed denial of service attack campaign (DDoS)”, the agency told IT World Canada‘s Quebec reporter Renaud Larue-Langlois, reported Financial Post.
NoName Ransomware Group Claims Cyber Attacks on Canadian Airports
The Canadian airports’ cyber attacks, attributed to a distributed denial of service (DDoS) attack, targeted the CBSA, an integral federal agency responsible for border security and immigration enforcement. The notorious NoName ransomware group claimed responsibility for this precision-targeted attack.
In the wake of the Canadian airport cyber attacks, CBSA swiftly restored connectivity, successfully bringing all systems back online within a few hours. The Montreal Airport Authority (ADM) reported delays at check-in kiosks, affecting border checkpoints nationwide, including Montreal-Trudeau International Airport.
In response to the incident, CBSA emphasized its commitment to Canadians’ and travelers’ safety and security. They assured that no personal information was compromised during the cyber attack. These Canadian airports cyber attacks are part of a larger wave of cyber assaults on key port authorities and governmental institutions in Canada.
The NoName ransomware group, notorious for its aggressive tactics, targeted critical entities, including the Port of Nanaimo, Port de Saguenay, Trois-Rivières Port Authority, and the Port of Belledune, in addition to CBSA and other vital institutions. The Canadian Centre for Cyber Security has warned about ongoing DDoS campaigns targeting government, financial, and transportation sectors. These attacks are attributed to state-sponsored Russian threat actors, including the NoName ransomware group.
About the NoName ransomware group
The exact means by which the DDoS attack breached the closed-circuit system used by check-in kiosks remain undisclosed. This system is designed to operate offline, making the intrusion all the more perplexing.
Regrettably, Canada is not the only nation facing the wrath of NoName ransomware group. Recently, Lithuania fell prey to their DDoS attacks, affecting critical services such as the e-services of the Seimas, Lithuania’s parliament, and the website of Litgrid AB, a prominent Lithuanian company.
The cyber attacks on Canadian airports are not a small issue, and the threat actors behind them are no rookies. The NoName ransomware group is a prolific Russian hacker group that entered the dark web forums in March 2022 and claimed multiple cyber attacks on organizations in different regions, like Ukraine, America, and Europe.
The threat actor claimed the first attack in March 2022, targeting Ukraine’s news and media websites, like Zaxid, Fakty UA, and others. The threat actor is known for conducting illicit activities primarily through Telegram channels. These channels serve as platforms for the group to claim responsibility for their attacks, taunt their targets, issue threats, and even disseminate educational content.
They also use GitHub to host their DDoS tool website and related repositories. Central to their arsenal is a DDoS tool named DDOSIA, which carries out denial-of-service attacks by overwhelming target sites with a barrage of network requests. Notably, the group collaborates with other pro-Russian cyber collectives like Killnet and XakNet, demonstrating a networked approach to their activities.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
