Researchers Attribute SITA Cyberattack to Chinese Hackers
2021-06-14 17:49

The cyberattack on SITA that impacted multiple airlines around the world was orchestrated by a Chinese nation-state threat actor tracked as APT41, security researchers at detection and prevention firm Group-IB say.

Air India revealed that the attack was related to SITA PSS, which processes personally identifiable information.

"The attack on Air India lasted for at least 2 months and 26 days. It took the attackers 24 hours and 5 minutes to spread Cobalt Strike beacons to other devices in the airline's network," Group-IB says.

The security researchers believe that APT41, a prolific Chinese state-sponsored threat actor, was behind the attack on Air India.

In this attack, the threat actor used a specific SSL certificate that was detected on only five hosts and that the researchers linked to APT41.

SITA claims that the attack launched by APT41 on Air India is not related to the incident involving SITA PSS. "While Air India was impacted by the attack on SITA PSS, the alleged attack on Air India as described in the Group-IB blog was a separate, unrelated cyber-attack. There is no substance in the suggestion of Group-IB that the attack on SITA PSS and the separate attack on Air India were linked or carried out by the same threat actor," SITA told SecurityWeek in an emailed comment.


News URL

http://feedproxy.google.com/~r/securityweek/~3/Pb91pUl_ZPw/researchers-attribute-sita-cyberattack-chinese-hackers