Foreign hackers stole Flight MH370 data from investigators

The day after the crash of Malaysia Airlines Flight MH370 hackers stole classified data from the computers of senior officials involved in the investigation.

Just after the incident occurred to the Malaysian Airlines Flight MH370 a spear phishing attack targeted 30 government officials and bad actors have stolen classified documents relating to the missing Flight MH370.

“The computers of high-ranking officials in agencies involved in the MH370 investigation were hacked and classified information was stolen.” reported the The Malaysian Star.

Around 30 computers were infected by a malware inoculated through a PDF document which appeared to be a news report about the incident occurred to the Flight MH370.

The cyber attack occurred the day after the Flight MH370 crashed, the document was sent to a group of investigators, the stolen data was allegedly being sent to a computer in China before CyberSecurity Malaysia has detected the theft and interrupted the communication with the C&C server.

“We received reports from the administrators of the agencies telling us that their network was congested with e-mail going out of their servers,” “Those e-mail contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the Flight MH370 investigation.” CyberSecurity Malaysia chief exec Dr Amirudin Abdul Wahab said.

The Department of Civil Aviation, the National Security Council and Malaysia Airlines were some of the victims of the cyber attack, despite the security experts identified the infected machine and shut down them, a “significant amounts” of data on the incident occurred to the Flight MH370 had been stolen.

The malware used by attackers was able to evade detection of most popular antivirus programs, this particular led to believe that threat actors are state-sponsored hackers or anyway have high skills.

“This was well-crafted malware that antivirus programs couldn’t detect. It was a very sophisticated attack,” Amirudin said.

Experts at CyberSecurity Malaysia speculated that hackers were searching for alleged “secret” information on Flight MH370 hidden by the Malaysian authorities.

“At that time, there were some people accusing the Government of not releasing crucial information,” “But everything on the investigation had been disclosed.” Amirudin said.

Despite China always denied to have hacked the Malesyan systems, experts consider the Government of Bejing the culprit for the attack because it was searching for information alleged hidden by the Malaysian government.

Of the 239 people travelling on the Flight MH370 152 were Chinese citizens, for this reason, China was within the counties that most of all requested transparency on the incident.

Pierluigi Paganini

(Security Affairs – Flight MH370, cyber espionage)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.