[TheRecord] China says a foreign spy agency hacked its airlines, stole passenger records

Chinese officials said last week that a foreign intelligence agency hacked several of its airlines in 2020 and stole passenger travel records.

The hacking campaign was disclosed last week by officials from the Ministry of State Security, China’s civilian intelligence, security, and secret police agency.

The hacking campaign was discovered after one of China’s airlines reported a security breach to MSS officials in January 2020.

Investigators said they linked the hacks to a custom trojan that the attackers used to exfiltrate passenger details and other data from this first target. A subsequent investigation found other airlines compromised in the same way.

“After an in-depth investigation, it was confirmed that the attacks were carefully planned and secretly carried out by an overseas spy intelligence agency,” the MSS said in a press release distributed via state news channels last Monday.

The MSS did not formally attribute the attack to any foreign agency or country.

In March 2020, two Chinese security firms, Qihoo 360 and QiAnxin, published reports accusing the US Central Intelligence Agency of hacking Chinese organizations, including airlines, but the reports referenced historical activities between September 2008 and June 2019.

China rarely reveals details about foreign cyber-attacks

The press release in itself is a rarity, as the Chinese government almost never reveals attacks carried out by foreign state-sponsored hackers.

This is in direct opposition to how western countries and private cyber-security vendors handle such incidents. As soon as a major security breach happens, western security vendors rush to investigate and publish blog posts about the attacks, with government officials making a formal statement and attribution weeks or months later.

But when it comes to the Middle Kingdom, things are exactly the opposite.

Following the two reports from Qihoo 360 and QiAnxin in March 2020, this reporter reached out to several Chinese security firms and independent security researchers to inquire about how the Chinese state handles foreign cyber-espionage attacks and the subsequent investigation and attribution.

Several sources, including representatives from two major Chinese cybersecurity firms, which we will not name here for obvious reasons, have said that Chinese security firms regularly detect attacks from foreign state actors, including the US.

However, as part of the local regulatory process, all reports are sent first and foremost to the Chinese government, which decides if news of a breach can be made public. When a western actor with US and NATO links is suspected, this almost never happens.

Sources said they received no feedback on why most of their reports have not been made public nor used to counter the wave of hacks attributed to Chinese-linked actors by western governments and security firms.

The post China says a foreign spy agency hacked its airlines, stole passenger records appeared first on The Record by Recorded Future.
