Airline Supply Chain Attacks Carried Out By Chinese Hackers

A multinational company that specialises in air transport communications and IT was breached in March following what appears to have been a highly sophisticated, coordinated supply chain attack. The company, SITA, is one of the leading global IT providers to the airline industry, serving nearly 90 percent of the world’s airlines.

SITA has now confirmed that the attack was widespread and affected multiple airlines around the world. Following their investigation, experts at the international cyber security firm Group-IB say the attack was launched by a Chinese nation-state threat actor they name as APT41. Airlines have been warned to comb through their networks for traces of the campaign, which may still be concealed within them.

Disclosed in early March 2021, the attack affected Air India, Air New Zealand, Finland’s Finnair, Singapore Airlines, Malaysia Airlines, and Jeju Air in South Korea. SITA has roughly 2,500 customers and provides services at over 1,000 airports worldwide.

India's national airline appears to have suffered a separate cyber assault that lasted for at least two months and 26 days. Air India said that approximately “4,500,000 data subjects globally” were affected. The stolen information included names, dates of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, and credit card data.

Group-IB’s investigation revealed that the first system within Air India’s network to communicate with the attackers’ infrastructure was named SITASERVER4, and that it hosted the Cobalt Strike implant for at least two months before the attack on SITA.

The attackers used their presence on the network to collect credentials and move laterally, compromising at least 20 devices within Air India’s network and exfiltrating data.

Sources: Group-IB, CNBC, Security Week, The Hacker News, ZDNet
