A hacking group from China is suspected of attacking the aviation industry in recent years in order to obtain passenger data. The attacks were reportedly carried out to track the movements of persons of interest to China. ZDNet reported that the hackers operate under the name Chimera.

The group also works for the Chinese state. Initially, the group’s activities were reported in a Black Hat presentation by CyCraft in 2020.

In its initial findings, CyCraft described a series of coordinated attacks against Taiwan’s semiconductor industry.

Last week the NCC Group released a new report claiming that interference with their data is more extensive than previously thought. The subsidiary Fox-IT also reported this. In this case, too, the aviation industry was targeted.

“The NCC Group and Fox-IT have observed this threat actor in various incidents that were carried out between October 2019 and April 2020,” ZDNet quoted the company as saying.

Both companies said the attacks targeted airline and semiconductor companies in different parts of the world, not just Asia.

In many cases, hackers hid on networks for three years before being discovered.

According to reports, the attack on the semiconductor industry was aimed at stealing intellectual property, while in the case of the aerospace industry, the target was different.

The companies claimed that the hackers were targeting victims in order to obtain passenger name records or what is commonly known as PNR.

The report by NCC and Fox-IT describes how Chimera works. First, the group collects credentials that became publicly available following data breaches at other companies.

As soon as the data was accessed and collected, the information was uploaded to OneDrive, Dropbox or Google Drive, as the data traffic flowing into these services is hardly checked.
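Because uploads to these services are rarely inspected, one practical check is to total outbound upload volume per internal host to the named cloud-storage services and flag outliers. The following is an added example, not taken from the NCC Group/Fox-IT report; the log format, host names, domain suffix list and threshold are all assumptions.

```python
from collections import defaultdict

# Assumed, incomplete suffix list for the three services named in the article.
CLOUD_STORAGE_SUFFIXES = ("onedrive.live.com", "dropbox.com",
                          "dropboxapi.com", "drive.google.com")

# Constructed sample proxy log: timestamp, source host, method, destination, bytes sent.
SAMPLE_LOG = """\
2020-03-02T01:14:07Z srv-db01 PUT content.dropboxapi.com 734003200
2020-03-02T01:20:41Z srv-db01 PUT content.dropboxapi.com 524288000
2020-03-02T09:02:13Z wks-117 POST drive.google.com 2097152
2020-03-02T09:05:55Z wks-117 GET www.dropbox.com 512
2020-03-02T09:30:00Z wks-042 POST intranet.example.com 900000000
2020-03-02T10:00:00Z srv-web02 POST notdropbox.com 900000000
malformed line
"""

def is_cloud_storage(host):
    """Match the host exactly or as a subdomain, so 'notdropbox.com' does not match."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in CLOUD_STORAGE_SUFFIXES)

def upload_bytes_by_host(log_text):
    """Sum bytes sent via POST/PUT to cloud-storage destinations, per source host."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records instead of failing the whole run
        _, src, method, dest, sent = parts
        if method in ("POST", "PUT") and is_cloud_storage(dest):
            totals[src] += int(sent)
    return dict(totals)

def flag_hosts(log_text, threshold_bytes=500 * 1024 * 1024):
    """Return source hosts whose cloud-storage upload total exceeds the threshold."""
    totals = upload_bytes_by_host(log_text)
    return sorted(h for h, n in totals.items() if n > threshold_bytes)

if __name__ == "__main__":
    totals = upload_bytes_by_host(SAMPLE_LOG)
    for host in flag_hosts(SAMPLE_LOG):
        print(host, totals[host])
```

In practice the threshold is better derived from each host's own baseline, since a database server that normally sends nothing to consumer cloud storage is suspicious at far lower volumes than a user workstation.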