Chinese state-linked cyber actor allegedly behind attack on global airline industry

A GROUP OF COMPUTER hackers with close links to the Chinese state are allegedly behind a wide-scale attack on the global airline industry, which includes espionage, as well as financial motives, according to a new report. If confirmed, the attack would constitute a global campaign against a single industry that is unprecedented in size, according to experts.

The most recent victim of this series of worldwide attacks is Air India, India’s government-owned flagship air carrier. In May of this year, the company was targeted by what officials described as “a highly sophisticated attack” that had begun over two months earlier. It was in early February that the hackers began collecting information about Air India and trying to infiltrate its networks through a combination of methods, including spear-phishing. The resulting compromise affected the data of some 4.5 million of Air India’s passengers. Stolen information included passengers’ credit card details, as well as passport information, such as names and dates of birth.

But in a new report issued on Thursday, the Singapore-based cybersecurity firm Group-IB said that the methodology used by the perpetrators of the Air India attack resembled those used to hack other airline carriers around the world. Other victims have included Singapore Airlines, Malaysia Airlines, Finnair, as well as SITA, a Swiss-based provider of information technology services to airline operators in over 200 countries and territories around the world.

What is more, the Group-IB report claims “with moderate confidence” that the attacks on the global airline industry are being perpetrated by APT41. Also known as BARIUM, APT41 is a highly prolific group of computer hackers that is widely believed to be connected with the Chinese government. Since first appearing on the scene in 2006, APT41 has amassed a list of victims that includes firms from almost every imaginable industry, including manufacturing, telecommunications, transportation, healthcare and defense. Some of its strikes are clearly financially motivated and include ransomware attacks. Others are espionage-related and point to the information needs of a nation-state, allegedly China.

In 2020, the United States Federal Bureau of Investigation added five members of APT41 to its “Most Wanted” list. The accompanying press statement accused the five men of conducting “supply chain attacks to gain unauthorized access to networks throughout the world”, and of attacking a host of companies on nearly every continent, including the Americas.

Author: Joseph Fitsanakis | Date: 11 June 2021

News you may have missed #688

By IAN ALLEN | intelNews.org |
►►Analysis: StratFor email leaks offer frightening view of government intelligence. As promised in December, WikiLeaks has begun to release a stash of emails related to the modus operandi of the private intelligence sector, using Texas-based StratFor as a case study. The CIA has long used private intelligence firms for ‘black ops’, allowing for plausible deniability in the event that an operation goes pear-shaped and public accountability threatens. But these emails suggest that there’s now far more to the incompetence of America’s intelligence services than meets the eye.
►►US still using U-2 to spy on North Korea. For more than 35 years, the U-2 has been one of Washington’s most reliable windows into military movements inside North Korea. Unlike satellites, U-2s can be redirected at short notice to loiter over target areas. Last month, the US Air Force postponed at least until 2020 any plans to replace them with costlier, unmanned Global Hawks. Now, as the world watches for signs of instability during North Korea’s transition to a new leadership, the U-2 operations are as important as ever, or more so.
►►Thin line separates cyberspies from cybercriminals. New research appears to raise questions over the conventional wisdom that pure nation-state cyberspies rarely dabble in traditional financial cybercrime. Dell SecureWorks Wednesday shared details of a complex study it conducted of two families of espionage malware that have infected government ministry computers in Vietnam, Brunei, Myanmar, Europe, and at an embassy in China.

One in four US hackers is FBI informant, says report

By JOSEPH FITSANAKIS | intelNews.org
Experienced observers with strong links in the American computer hacker community estimate that around 25 percent of its members are working as informants for the Federal Bureau of Investigation and other US government agencies. This is according to an investigative report published in the British quality broadsheet The Guardian, which claims that the large number of government operatives has spread unprecedented “paranoia and mistrust” inside the US computer hacker underground. According to the report, the authorities have made significant inroads, not by training their officers in hacking skills, but by employing the threat of lengthy prison sentences as a means of convincing captured hackers to turn into government informants. This technique is largely responsible for the creation of an “army of informants” operating “deep inside the hacking community” in the US. An example provided in the report is the infiltration of online forums used by the cybercriminal community as marketplaces for credit card, bank account, and other stolen identity information, which are often traded in bulk around the world.

Comment: Post-9/11 Intelligence Turf Wars Continue

By IAN ALLEN* | intelNews.org |
The stern assurances given to Americans after 9/11, that destructive turf wars between US intelligence agencies would stop, appear to be evaporating. Earlier this week, Rod Beckstrom, who headed the National Cyber Security Center (NCSC) at the US Department of Homeland Security (DHS), announced his resignation amidst a bitter row between the DHS and the National Security Agency (NSA) over the oversight of American cybersecurity. In a letter (.pdf) addressed to DHS Secretary Janet Napolitano, and carbon-copied to nearly every senior US intelligence and defense official, Beckstrom blasted the lack of “appropriate support [for NCSC] during the last administration”, as well as having to wrestle with “various roadblocks engineered within [DHS] by the Office of Management and Budget”. Most of all, Beckstrom, an industry entrepreneur who remained in his NCSC post for less than a year, accused the NSA of subverting NCSC’s cybersecurity role by trying to “subjugate” and “control” NCSC.

British authorities admit to hacking computers

By JOSEPH FITSANAKIS | intelNews.org |
The British Home Office has joined an EU-wide agreement that prompts European law enforcement agencies to resort to computer hacking (termed “remote searching” in the official document) in order to combat cyber crime. Commenting on the move, a spokesman for the UK Association of Chief Police Officers (ACPO) admitted that British law enforcement and intelligence agencies already conduct “a small number” of such operations every year. Specifically, the spokesman said that “remote searching”, which allows the authorities to covertly examine the contents and activity of targeted computers, was employed during “194 clandestine searches […] of people’s homes, offices and hotel bedrooms”.