Transportation
Transportation and storage
525 cyberattacks and operations
In the Russian-Ukraine war, why do cyberattacks on the Transportation sector matter?
Cyberattacks on the transportation sector may disrupt or shut down entire systems and/or services, including transport booking systems (e.g. airlines and railways), expose or block access to sensitive data, compromise the safety of staff and passengers, and impact supply chains across all sectors (e.g. medical, agriculture, mining, trade). Disruptive attacks such as DDoS against transportation service providers, such as railways or airports in different countries, have been documented during the conflict. In addition, so-called hacktivist collectives, acting in the name of activism, are also targeting transportation providers linked to the mining/oil industry by compromising their systems, exfiltrating data and publishing it online.
What types of attacks have been documented against the sector?
Which countries have seen attacks on the sector in the context of the war?
What impact do these attacks have on people?
Cyberattacks on transportation and storage providers can compromise people’s safety, disrupt their access to emergency and passenger services, and expose highly sensitive data on individuals or organizations. Such attacks have the potential to cause accidents, mass chaos, and injuries or loss of life.
What are the primary digital impacts observed on the sector by country?
Can history shed light on the impact of attacks on this sector?
19-20 April 2022 - National railways and airports, Czechia
Czech websites came under DDoS attack, including České dráhy (Czech railways) and some regional and international airports.
Societal harm/impact:
- Czech Railways tackled an outage on the Můj vlak (My train) mobile application for over 24 hours. Buying tickets online did not work and there were also problems finding connections.
- The attack on Pardubice Airport caused failure of the entire web system and the website no longer worked.
A ransomware attack on 23 March 2022 on IT systems belonging to Italian State Railways, although unrelated to the war against Ukraine, demonstrates the impacts that cyberattacks can have on people:
- the disruption of ticket sales at stations,
- the malfunction of passenger information screens,
- the disruption of applications used by railway staff through tablets,
- the suspension of all rail freight thus impacting shipments.
Which threat actors have been linked to attacks on the sector during the conflict?
| Name | Type | Origin | Number of attacks |
|---|---|---|---|
| NoName057(16) | Collective | | 355 |
| KillNet | Collective | | 22 |
| Anonymous Russia | Collective | | 21 |
| People's CyberArmy | Collective | | 17 |
| Anonymous Italia | Collective | Unknown | 15 |
| Net Worker Alliance | Collective | Unknown | 11 |
| BlueNet Russia | Unknown | Unknown | 9 |
| Netside Group | Collective | Unknown | 8 |
| Bloodnet | Collective | Unknown | 8 |
| UserSec | Collective | Unknown | 7 |
| Kvazar DDoS | Collective | Unknown | 6 |
| Russian Hackers Team | Collective | Unknown | 5 |
| Russian Hackers Community | Collective | Unknown | 4 |
| Sandworm | Nation State | | 3 |
| Anonymous Sudan | Collective | Unknown | 3 |
| National Hackers of Russia (HXP) | Collective | Unknown | 3 |
| Cyber Cat | Collective | Unknown | 2 |
| IT Army of Ukraine | Nation State | | 2 |
| Legion Cyber Spetsnaz | Collective | | 2 |
| Cyber Partisans | Collective | | 1 |
| GhostSec | Collective | | 1 |
| Anonymous | Collective | Unknown | 1 |
| Red Stinger | Unknown | Unknown | 1 |
| AlTahrea | Collective | | 1 |
| Mirai | Collective | | 1 |
| StudentCyberArmy | Collective | | 1 |
| Furious Russian Hackers | Unknown | Unknown | 1 |
| ChaosSec | Collective | Unknown | 1 |
| KillMilk | Individual | | 1 |
| Cyber DDoS | Collective | Unknown | 1 |
| RuBit | Unknown | Unknown | 1 |
| Zulik Group | Unknown | Unknown | 1 |
Explore the data
| Event Name | Event Country | Event Date | Event Type | Impact Category | Impact Description | Threat Actor Name |
|---|---|---|---|---|---|---|
| Campaign: DDoS attack against the subdomain of a British local public transportation operator | | 2023-12-31 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| Campaign: DDoS attack against the website of a Dutch bike rental agency and a local public transportation operator | | 2023-12-30 | DDoS | Disruption | Disrupted connectivity to websites. | NoName057(16) |
| Campaign: DDoS attacks against the website of a British local public transportation operator and the subdomain of another local public transportation operator | | 2023-12-28 | DDoS | Disruption | Disrupted connectivity to websites. | NoName057(16) |
| Campaign: DDoS attack against the website of a Dutch bike rental agency and a local public transportation operator | | 2023-12-25 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| Campaign: DDoS attacks against the website of a Swedish local public transportation operator and the website and subdomain of another local public transportation operator | | 2023-12-24 | DDoS | Disruption | Disrupted connectivity to websites. | NoName057(16) |
| Campaign: DDoS attack against the website of a British local public transportation operator | | 2023-12-23 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| DDoS attack against the website of a Swiss railway company | | 2023-12-22 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| Campaign: DDoS attack against the website of a Finnish cruise company | | 2023-12-22 | DDoS | Disruption | Disrupted connectivity to website. | NoName057(16) |
| Campaign: DDoS attacks against the websites of two Italian public transportation operators | | 2023-12-21 | DDoS | Disruption | Disrupted connectivity to websites. | NoName057(16) |
| Campaign: DDoS attacks against the website of a Swedish local public transportation operator and the website and subdomain of another local public transportation operator | | 2023-12-20 | DDoS | Disruption | Disrupted connectivity to websites. | NoName057(16) |