Chinese Hackers Target Airline Passenger Records

Chinese hacking group Chimera has been reportedly attacking the airline industry for the past few years to steal passenger data.

Researchers from NCC Group and its Fox-IT subsidiary disclosed that, aside from attacking the Taiwanese semiconductor industry, Chimera is stealing information about certain airline passengers in order to launch credential-stuffing and password-spraying attacks against the targets’ organizations.

The researchers said that the attacks took place between October 2019 and April 2020 and were well hidden in the network. 

“How this Passenger Name Records (PNR) data is obtained likely differs per victim, but we observed the usage of several custom DLL files used to continuously retrieve PNR data from the memory of systems where such data is typically processed, such as flight booking servers,” explained NCC Group and Fox-IT researchers.

The hackers penetrated the airline systems by using leaked login credentials to gain entry, then deployed Cobalt Strike, which was also used in the SolarWinds hack.

After gaining entry, the hackers would collect the PNRs with a customized tool, then upload the compressed records to public cloud services.

The researchers were not sure why the group targeted airlines but speculated that it could be for surveillance. 


© Fourth Estate® — All Rights Reserved.