
China backed APT41 behind SITA and Air India cyber attacks



The recent cyberattack on air travel solutions software major SITA and a number of airlines, including Air India, has been linked to the Chinese state-sponsored threat actor APT41.

Airlines have been warned to comb through their networks and trace any trace of the campaign that may still be concealed within them. SITA is one of the leading global IT providers for the airline industry, serving nearly 90 percent of the world's airlines.

According to a report by Group-IB analyst Nikita Rostovcev, "After Air India, it was evident the world’s national carriers are dealing with one of the biggest supply-chain attacks in the airline’s history. SITA’s data breach is estimated to have revealed data of 4.5 million passengers."


The report states that, though the Air India attack lasted just 4 days short of 3 months, it took the threat actors only 24 hours and 5 minutes to spread Cobalt Strike beacons to the other devices in the airline's network. SITA is responsible for processing Air India's personal customer data. The hacked data was put up for sale on a leak site for $3,000.

The Group-IB report further said, "The campaign's code name is ColunmTK. It was formed by combining the first two domains used for DNS tunneling in the attack."

APT41, the group behind the ColunmTK campaign, is also known as Wicked Panda, Wicked Spider, Winnti, and Barium. Active since 2007, APT41 is known for supply-chain attacks, cyber espionage, and financially motivated cybercrime.

The US Department of Justice last year charged five Chinese nationals with hacking more than 100 companies in the US and worldwide. The five have also been charged with attacking NGOs, universities, foreign governments, and Hong Kong-based pro-democracy politicians and activists.

The data breach at Air India involved customers' personal data, including names, dates of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, and credit card information.

Security-related information such as customers' passwords and CVV numbers, however, was not stolen, as SITA was not in charge of that data.

After disclosing the cyberattack, SITA revealed that Star Alliance and Oneworld member airlines were also attacked, including Finnair, Japan Airlines, Jeju Air, Lufthansa, Malaysia Airlines, Air New Zealand, Cathay Pacific, and Singapore Airlines, among others.
