Researchers Attribute SITA Cyberattack to Chinese Hackers (Security News, June 2021)
The cyberattack on SITA that impacted multiple airlines around the world was orchestrated by a Chinese nation-state threat actor tracked as APT41, security researchers at detection and prevention firm Group-IB say.
Air India revealed that the attack was related to SITA PSS, which processes personally identifiable information.
"The attack on Air India lasted for at least 2 months and 26 days. It took the attackers 24 hours and 5 minutes to spread Cobalt Strike beacons to other devices in the airline's network," Group-IB says.
The security researchers believe that APT41, a prolific Chinese state-sponsored threat actor, was behind the attack on Air India.
In this attack, the threat actor used a specific SSL certificate that was detected on only five hosts, and which the researchers linked to APT41.
SITA claims that the attack launched by APT41 on Air India is not related to the incident involving SITA PSS. "While Air India was impacted by the attack on SITA PSS, the alleged attack on Air India as described in the Group-IB blog was a separate, unrelated cyber-attack. There is no substance in the suggestion of Group-IB that the attack on SITA PSS and the separate attack on Air India were linked or carried out by the same threat actor," SITA told SecurityWeek in an emailed comment.