Chinese officials have disclosed that a foreign intelligence agency hacked several of the country’s airlines in 2020 and stole passenger travel records.
The hacking campaign was disclosed last week by officials from the Ministry of State Security (MSS), China’s civilian intelligence, security, and secret police agency, and was reported in The Record. The campaign was discovered after one of China’s airlines reported a security breach to MSS officials in January 2020.
“After an in-depth investigation, it was confirmed that the attacks were carefully planned and secretly carried out by an overseas spy intelligence agency,” the MSS said in a press release distributed via state news channels on November 2.
Custom Trojan?
Investigators said they linked the hacks to a custom trojan that the attackers used to exfiltrate passenger details and other data from this first target. A subsequent investigation found other airlines compromised in the same way, according to reports.
The MSS did not formally attribute the attack to any foreign agency or country. In March 2020, two Chinese security firms, Qihoo 360 and QiAnxin, published reports accusing the US Central Intelligence Agency of hacking Chinese organizations, including airlines, but the reports referenced historical activities between September 2008 and June 2019.
The United States was behind the largest number of cyber-attacks targeting Chinese networks, according to an annual report on China’s cybersecurity conditions in 2018 released by the National Computer Network Emergency Response Technical Team (CNCERT). Data from the CNCERT showed that in 2018, over 3.34 million computers in China were controlled by more than 14,000 Trojans or botnet control servers located in the U.S., an increase of 90.8 per cent from 2017.
China, along with North Korea and Iran, is often accused of perpetrating “state sponsored” cyber attacks on other countries. This time, however, the situation seems to be the other way around. Recently, the Chinese embassy in Norway said that China is a staunch defender of cyber security and has always resolutely opposed and cracked down on any form of cyberattack.
This was in response to Norway claiming that the March cyberattack on the Storting’s email system originated from China, a claim made without prior communication to verify relevant information with the Chinese side, according to the embassy.