Chinese state-linked cyber actor allegedly behind attack on global airline industry


A group of computer hackers with close links to the Chinese state is allegedly behind a wide-scale attack on the global airline industry, driven by espionage as well as financial motives, according to a new report. If confirmed, the attack would constitute a global campaign against a single industry that is unprecedented in size, according to experts.

The most recent victim of this series of worldwide attacks is Air India, India’s government-owned flagship air carrier. In May of this year, the company was targeted by what officials described as “a highly sophisticated attack” that had begun over two months earlier. It was in early February that the hackers had begun collecting information about Air India and trying to infiltrate its networks through a combination of methods, including spear-phishing. The resulting compromise affected the data of some 4.5 million of Air India’s passengers. Stolen information included passengers’ credit card details, as well as passport information, such as names and dates of birth.

But in a new report issued on Thursday, the Singapore-based cybersecurity firm Group-IB said that the methodology used by the perpetrators of the Air India attack resembled those used to hack other airline carriers around the world. Other victims have included Singapore Airlines, Malaysia Airlines, Finnair, as well as SITA, a Swiss-based provider of information technology services to airline operators in over 200 countries and territories around the world.

What is more, the Group-IB report claims “with moderate confidence” that the attacks on the global airline industry are being perpetrated by APT41. Also known as BARIUM, APT41 is a highly prolific group of computer hackers that is widely believed to be connected with the Chinese government. Since first appearing on the scene in 2006, APT41 has amassed a list of victims that includes firms from almost every imaginable industry, including manufacturing, telecommunications, transportation, healthcare and defense. Some of its strikes are clearly financially motivated and include ransomware attacks. Others are espionage-related and point to the information needs of a nation-state, allegedly China.

In 2020, the United States Federal Bureau of Investigation added five members of APT41 to its “Most Wanted” list. The accompanying press statement accused the five men of conducting “supply chain attacks to gain unauthorized access to networks throughout the world”, and of attacking a host of companies on nearly every continent, including the Americas.

Author: Joseph Fitsanakis | Date: 11 June 2021

News you may have missed #882 (cybersecurity edition)

By IAN ALLEN | intelNews.org
►►GCHQ launches ‘Cyber Security Challenge’. Britain’s signals intelligence agency, GCHQ, has created a new online game to find new recruits and test the public’s ability to deal with hacking attacks. The new game, named Assignment: Astute Explorer, will give registered players the chance to analyze code from a fictitious aerospace company, identify vulnerabilities and then suggest fixes.
►►Chinese hackers spied on investigators of Flight MH370. Malaysian officials investigating the disappearance of flight MH370 have been targeted in a hacking attack that resulted in the theft of classified material. The attack hit around 30 PCs assigned to officials in Malaysia Airlines, the country’s Civil Aviation Department and the National Security Council. The malware was hidden in a PDF attachment posing as a news article that was distributed on 9 March, just one day after the ill-fated Malaysia Airlines Boeing 777 disappeared en route from Kuala Lumpur to Beijing.
►►Developer alleges NSA and GCHQ employees are helping Tor Project. Tor is free software used for enabling online anonymity and resisting censorship. It directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user’s location or usage. Interestingly, its executive director, Andrew Lewman, has told the BBC that employees of the NSA and GCHQ offer his team of programmers tips “on probably [a] monthly basis about bugs and design issues that potentially could compromise the [Tor] service”. He added that he had been told by William Binney, a former NSA official turned whistleblower, that one reason NSA workers might have leaked such information was because many were “upset that they are spying on Americans”.