-
Pro-Palestinian team of hacktivists, Dark Storm, alleges responsibility for attacking five websites of UK airports.
-
The operation, classified as #OPUK, focused on significant aviation systems including London Oxford, Norwich, Blackpool, Bournemouth, as well as Exeter airports.
-
The group utilized proof-links via check-host.net to authenticate the attacks and depict the unavailability of targeted websites.
The UK’s aviation industry recently experienced a coordinated cyber attack from the hacktivist collective known as Dark Storm Team, which claims allegiance to the cause of Palestine. As part of their “boulevard” campaign against Israel, the group went against various UK airport sites via distributed denial of service (DDoS) attacks.
The extent of the event suggests intentional efforts to disrupt a key facet of a country’s major infrastructure. Dark Storm confirmed being behind the attacks on their Telegram profile, having published verification links for every airport they hit.
Five Airports Targeted in #OPUK Operation
The attacks labeled #OPUK struck five UK airports on January 9, 2026, hinting at a well-planned operation against infrastructure in the United Kingdom.
London Oxford Airport, Blackpool Airport, Norwich Airport, Bournemouth Airport, and Exeter Airport were attacked and documented with proof-links via the third-party service check-host.net.
These aren’t random targets. Regional airports serve critical roles in transportation networks. They handle cargo, emergency services, and passenger traffic. Disrupting their online presence affects booking systems, flight information displays, and operational communications.
Check Point Research has been tracking the Dark Storm Team closely. The group specializes in DDoS attacks but operates with a dual purpose. They’re ideologically motivated by pro-Palestinian causes, yet they’ve also positioned themselves as a gain-based internet attack provider.
“DDoS attacks, especially, often involve massive botnets jeopardizing infected devices from all over the world, making it challenging to determine a precise geographical origin,” explains Oded Vanunu, Head of Product Vulnerability and Chief Technologist for Web 3.0 at Check Point Research.
Dark Storm’s methodology makes attribution incredibly complex. They lease IP addresses from different regions and operate vast botnets made up of thousands, sometimes hundreds of thousands, of compromised devices across the globe. They conceal their true locations using multiple proxies and VPN services.
The aviation sector faces particular vulnerability. The airport’s daily operations depend on various digital technologies such as check-in, air traffic control, etc. As a result, an attack on any of their digitally-based systems can disrupt the way airports manage assets and airport operations. By targeting an airport unrelated to the airline’s website, criminals send a clear message about vulnerabilities in airport cybersecurity.
A Pattern of Attack by The Organisation Dark Storm
The recent cyber attack against UK airports is not the first time the Dark Storm group has launched a highly visible cyber attack. Dark Storm has previously claimed responsibility for a large-scale Denial of Service (DDoS) attack against X (formerly Twitter), which occurred in March 2025.
The attack shows that the Dark Storm group can disrupt operations of long-established digital platforms with strong security measures. The cyber attack against the X platform is part of an ongoing effort by Dark Storm to target a large number of critical infrastructure organisations as well as governmental agencies and multinational corporations across several geographical regions.
Dark Storm has an existing record of an increase in criminal activities after they have lost access to its original social media channel (Telegram).
What Could Happen Following This Trend?
The Dark Storm group is now targeting organizations across the Western world, as well as critical infrastructure in the United States, Israel, Ukraine, and the UAE. These attacks highlight a growing threat landscape where transportation and logistical networks, from aviation to railways, are prime targets, as seen in the recent breach of Italy’s national railway system via a global IT provider.
Now, with this attack against airports in the UK, Dark Storm’s motives and targets are becoming much clearer. It appears that they are purposely targeting key critical infrastructures and sending notes about their geopolitical positions.
Dark Storm does not merely target ideological beliefs anymore; they also offer DDoS as a service and attack large organizations of other industries by using large databases that have been provided for them to profit from using cyber tools.
This blurring of hacktivism and for-profit cybercrime reflects a broader global trend of digital offenses, which also includes sophisticated, purely financial schemes like the Burma-based crypto scam recently targeted by the US Justice Department.
Security analysts estimated that the average number of cyberattacks on organizations in the USA was approximately 1,323 per week in February of 2025. Hacktivists have targeted the media and entertainment industries more frequently than many other sectors, raising questions about the resilience of digital infrastructure.
With Dark Storm’s resurgence in targeting government, aviation, defence, and logistical organisations, it has highlighted the urgent need for all organisations to take a serious look at their cybersecurity policies.
All organisations should introduce appropriate preventive measures, including comprehensive threat detection tools, real-time response plans, and effective DDoS prevention mechanisms.
The warning is clear that our critical infrastructure is still susceptible to attacks and that hacktivist organisations are becoming more skilled at determining which organisations they will attack and how.
