Are the FBI’s “Most Wanted” Chinese Spies Hacking the Airline Industry?

India’s flagship airline Air India announced last month that it had been hit by a huge cyberattack affecting as many as 4.5 million passengers. Passenger data, including passport information and some credit card details, had been compromised by unknown hackers.
But a cybersecurity company is now claiming, with “moderate” confidence, that APT41, a prolific Chinese government-sponsored espionage and cybercriminal group, was to blame for the Air India breach. It could be part of a wider campaign to snoop on the airline industry, according to Singapore-based Group-IB, which showed Forbes its findings on Thursday ahead of publication. APT41 was called out by the FBI in September 2020, and a number of its alleged members were indicted for various cybercrimes, including hacks on more than 100 organizations across the world, including in the U.S. The accused are now on the FBI’s Cyber Most Wanted list.
The apparent link to Air India came via Group-IB’s analysis of what it claimed was a command-and-control server used in the attack on the airline. Group-IB researchers found that the server presented a TLS certificate (commonly still called an SSL certificate) to secure its web traffic, and that the same certificate had been observed on only five servers in total. One of those servers’ IP addresses had previously been identified by Microsoft as infrastructure used by APT41. Another clue came from the malware used in the attack, which operated in a similar way to earlier APT41 spy tools, including files used to establish persistent access to the victim network.
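The certificate-reuse pivot described above is a standard defender technique: starting from one suspected command-and-control host, find every other host that presents the same TLS certificate, discard certificates that are so widely shared (CDNs, default server certificates) that an overlap would mean nothing, and then check the remaining small cluster against infrastructure already attributed to a known actor. The script below is an added illustration, not Group-IB’s tooling or data; the hosts, fingerprints and the “known actor” address list are constructed placeholders, since the article publishes no indicators.

```python
"""Infrastructure pivot on TLS certificate reuse (added illustration).

All IP addresses and certificate fingerprints below are constructed
placeholders from documentation ranges; they are not the real Air India or
APT41 indicators, which the article does not publish.
"""
from collections import defaultdict

# Constructed passive-scan records: (ip, SHA-256 fingerprint of the leaf cert).
# A single host may present more than one certificate over time.
SCAN_RECORDS = [
    ("198.51.100.10", "aa11" * 16),  # suspected C2 host (seed of the pivot)
    ("198.51.100.11", "aa11" * 16),
    ("203.0.113.5", "aa11" * 16),
    ("203.0.113.6", "aa11" * 16),
    ("203.0.113.7", "aa11" * 16),
    ("198.51.100.10", "bb22" * 16),  # seed also presented a widely shared cert
] + [("192.0.2.%d" % i, "bb22" * 16) for i in range(1, 31)]  # shared cert on 30 hosts

# Placeholder for addresses previously attributed to an actor by a third party.
KNOWN_ACTOR_IPS = {"203.0.113.7"}

# A certificate seen on more hosts than this is too common to pivot on.
MAX_CLUSTER = 20


def cluster_by_certificate(records):
    """Group host addresses by the certificate fingerprint they presented."""
    clusters = defaultdict(set)
    for ip, fingerprint in records:
        clusters[fingerprint].add(ip)
    return clusters


def pivot(seed_ip, records, known_ips, max_cluster=MAX_CLUSTER):
    """Return, for each rare certificate on seed_ip, the hosts sharing it and
    which of those hosts are already attributed infrastructure."""
    clusters = cluster_by_certificate(records)
    seed_fingerprints = {fp for ip, fp in records if ip == seed_ip}
    findings = []
    for fp in sorted(seed_fingerprints):
        hosts = clusters[fp]
        if len(hosts) > max_cluster:
            continue  # shared/default certificate: overlap would be coincidence
        findings.append({
            "fingerprint": fp,
            "hosts": sorted(hosts),
            "overlap": sorted(hosts & known_ips),
        })
    return findings


if __name__ == "__main__":
    for finding in pivot("198.51.100.10", SCAN_RECORDS, KNOWN_ACTOR_IPS):
        print("cert %s... on %d hosts, attributed overlap: %s" % (
            finding["fingerprint"][:8], len(finding["hosts"]), finding["overlap"]))
```

Run against the constructed data, the widely shared certificate is dropped by the cluster-size filter and the rare one yields a five-host cluster with a single previously attributed address, which is the shape of the evidence the researchers describe. On its own such an overlap supports only moderate confidence; the malware-behaviour similarity mentioned above is the kind of independent second indicator an analyst would want before attributing.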