Even as a massive data breach affecting Air India came to light the previous month, India’s flag carrier airline appears to have suffered a separate cyber assault that lasted for a period of at least two months and 26 days, according to new research that attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41.
Group-IB dubbed the campaign “ColunmTK” based on the names of command-and-control (C2) server domains that were used for facilitating communications with the compromised systems.
“The potential ramifications of this incident for the entire airline industry and carriers that might yet discover traces of ColunmTK in their networks are significant,” the Singapore-headquartered threat hunting company said.
While Group-IB alluded to the possibility that this may have been a supply chain attack targeting SITA, the Swiss aviation information technology company told The Hacker News that the two are different security incidents.
“The airline confirmed vis-à-vis SITA on June 11, 2021 that the cyber attack on Air India […] is not the same or in any way linked to the attack on SITA PSS,” SITA told our publication over email.
Also known by other…