Pierluigi Paganini
July 30, 2015
A Chinese APT group believed to be responsible for a series of high-profile data breaches that affected the U.S. Office of Personnel Management, the Anthem, and more recently the United Airlines.
According the media agency Bloomberg, the United Airlines detected a cyber attack into its computer network at the end of May or early June, the journalists cited some unnamed sources familiar with the incident.
The source confirmed that the hacking crew that hacked United Airlines systems is the same APT that successfully carried out several cyber attacks.
Why the hackers targeted the United Airlines?
The investigators suspect that the Chinese APT is gathering information on million of Americans to run further attacks.
“The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.” states Bloomberg.
The situation is scaring, if the news is confirmed, the Chinese hackers can cross this data with records stolen from the federal personnel office discovering the movements of personnel working in defense and intelligence, including contractors that are privileged targets for cyber espionage campaign. The situation is worse if we consider that possibility that hackers could cross-reference the huge amount of data with stolen medical and financial records, revealing possible avenues for blackmailing or recruiting people who have security clearances.
When cyber security experts reference Chinese APT, in the majority of cases they consider these groups linked to the Government of Beijing.
Contacted for a comment, United Airlines didn’t immediately respond.
The situation is very concerning, according to a report submitted as testimony by Greg Wilshusen, director of information security issues at GAO, in a recent congressional hearing cybersecurity incidents that involved federal government have increased more than 1,000 percent since 2006.
The document reports that in the fiscal year 2014, federal agencies suffered 67,168 cyber security incidents that exposed personally identifiable information (PII), meanwhile the number of incidents in 2006 was just 5,503 (+ 1,121%).
The number of cyber attacks increased as never before as their level of sophistication, it is essential that private firms and Government agencies will increase resilience of their systems against cyber attacks.
At the time I was writing another worrying news is circulating on the web, part of a Pentagon email network taken down over suspicious activity, the US authorities are investigating on the alleged intrusion.
(Security Affairs – Pentagon, United Airlines)
