Researchers Attribute SITA Cyberattack to Chinese Hackers (June 2021)
The cyberattack on SITA that impacted multiple airlines around the world was orchestrated by a Chinese nation-state threat actor tracked as APT41, security researchers at detection and prevention firm Group-IB say.
Air India revealed that the attack was related to SITA PSS, which processes personally identifiable information.
"The attack on Air India lasted for at least 2 months and 26 days. It took the attackers 24 hours and 5 minutes to spread Cobalt Strike beacons to other devices in the airline's network," Group-IB says.
The security researchers believe that APT41, a prolific Chinese state-sponsored threat actor, was behind the attack on Air India.
In this attack, the threat actor used a specific SSL certificate that was detected on only five hosts and that the researchers linked to APT41.
SITA claims that the attack launched by APT41 on Air India is not related to the incident involving SITA PSS. "While Air India was impacted by the attack on SITA PSS, the alleged attack on Air India as described in the Group-IB blog was a separate, unrelated cyber-attack. There is no substance in the suggestion of Group-IB that the attack on SITA PSS and the separate attack on Air India were linked or carried out by the same threat actor," SITA told SecurityWeek in an emailed comment.