Hackers Breach Airport PA Systems in Canada and U.S., Broadcast Political and Anti-Israel Messages
Published
- Coordinated attack: Hackers breached the PA systems at four airports to broadcast unauthorized messages.
- Third-party flaw: A cloud-based software provider and an advertisement streaming service used by the airports were compromised.
- Unauthorized broadcasts: The hackers used the systems to broadcast messages praising Hamas and criticizing U.S. President Donald Trump.
Multiple airports in North America experienced a coordinated airport public address (PA) system hack after threat actors gained unauthorized access to their public announcement systems. The attackers broadcast disruptive and political messages, including content praising Hamas.
Cloud-Based Service Identified as Breach Vector
The initial investigation indicates that the attackers did not breach the airports' core internal networks directly. Instead, they exploited a significant PA system vulnerability by compromising third-party services.
The incidents occurred at three airports in Canada and one in the U.S.:
- Kelowna International Airport & Victoria International Airport in British Columbia
- Windsor International Airport in Ontario
- Harrisburg International Airport in Pennsylvania
Officials at Windsor International Airport confirmed the breach originated from an unnamed "cloud-based software provider," while Kelowna officials pointed to a compromised "advertisement streaming service," according to Reuters.
Windsor International Airport CEO Mark Galvin said Pro-Hamas hackers broadcast anti-Israel messaging on screens and chants and music in Arabic over the flight terminal’s public address system in the terminal area.
Screen messages said the system was “Hacked By Mutariff Siberislam,” also known online as SiberIslam, and displayed political and offensive content, including praise for Hamas and derogatory references to U.S. President Donald Trump.
The airports have since reverted to internal systems to regain control and prevent further unauthorized access.
This attack vector highlights the persistent cybersecurity risks associated with supply chain dependencies, where vulnerabilities in external vendor software can be leveraged to infiltrate otherwise secure environments.
Collins Aerospace was recently the subject of a ransomware incident that impacted the Multi-User System Environment (MUSE) passenger processing software, resulting in significant delays and cancellations at London Heathrow, Brussels, Berlin, and Dublin, as well as at some smaller airports.
Cybersecurity Response and Investigation
The breaches have triggered a multi-agency investigation involving local law enforcement, such as the Royal Canadian Mounted Police (RCMP), and national cybersecurity bodies, including the Canadian Centre for Cyber Security and the U.S. Federal Aviation Administration (FAA).
The focus of the investigation is to determine the full scope of the cybersecurity breach and secure the vulnerabilities within the third-party software.
While the targeted facilities were smaller regional airports, the incident demonstrates a novel and disruptive method for spreading propaganda and raises concerns about the security of critical infrastructure systems across Canada and U.S. airports.
Earlier this year, the U.S. DoJ seized cryptocurrency that disrupted the Hamas terrorist financing scheme.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular