Posted on June 5, 2021 at 8:02 AM
A recent report reveals that threat actors breached the server of the Metropolitan Transportation Authority (MTA). The hacking operation took place in April, and MTA is reported to be one of several agencies affected.
According to the report, the threat actors are believed to be linked to the Chinese government.
However, the attack did not compromise any rider or employee data. The threat actors were also unable to access the systems that control the train cars, according to transit officials.
The attack was largely unsuccessful
Rafail Portnoy, the agency’s chief technology officer, stated that the hackers did not succeed in their plans. “The MTA’s existing multilayered security systems worked as designed, preventing the spread of the attack,” he noted.
He said, however, that the agency will remain alert to any subsequent attacks on its systems, considering the increased level of cyberattacks on organizations.
An MTA document revealed the intrusion, providing some details about the breach. Recently, state-sponsored threat actors have increased their attacks on organizations, targeting financial institutions, defense contractors, and federal agencies.
The cybersecurity firm FireEye has been involved in exposing some of these threats.
In April, two groups of hackers gained access through a vulnerability in Pulse Connect Secure. One of the groups was reportedly working for the Chinese government. The vulnerability is in a connectivity tool that enables employees to access their employers’ networks remotely.
Hackers could have penetrated through a backdoor
The threat actors had access to the system until April 20, when the breach was discovered. By then, they had already infiltrated three of the agency’s 18 computer systems.
The officials raised concerns about the attack a week after the intrusion. According to officials, the threat actors may have hacked into the operational systems or may have extended their penetration of the victim’s operational systems via the backdoor.
Transit officials stated that it’s not clear whether the threat actors accessed the customers’ personal information, as the forensic analysis of the attack is still ongoing. The attack has been reported to law enforcement and other agencies for further investigation and actions to prevent future attacks.
The third time the transit network was attacked
This is not the first time the transit network has experienced a cyberattack. However, it’s the most significant, according to transit officials.
The latest attack adds to the growing number of attacks experienced by transit agencies at the hands of foreign threat actors, usually sponsored by the government. It also comes at a time when the number of attacks on America’s critical infrastructure, from water supply systems to fuel pipelines, has increased massively.
Last month, threat actors attacked Colonial Pipeline, one of the largest pipelines in the U.S., leading to a temporary shutdown of the network. This resulted in panic buying throughout the Southeast, as car owners queued to fuel their vehicles.
Other departments are also not left out. Hospitals and police departments have been targeted in recent months. Most of the hacking incidents involved threat actors stealing and encrypting critical data, seeking payments from their victims to unlock such data.
However, there were no financial demands in the MTA attack. It appears the motivation of the hackers is not financial but political. Even though the FireEye security team has reasons to believe the hackers are backed by the Chinese government, that government has vehemently denied any involvement in the attack.
All accusing fingers point to China
It’s not clear why the group targeted MTA, but several reasons have been cited. One of them is China’s interest in becoming the leader in the multi-billion dollar rail car market. As a result, it’s believed that the government is trying to gain extensive insight into the U.S. market to further its aim of dominating it.
China has been accused by the U.S. government of the unattractive practice of using cyberattacks to gain access to the processes and operational methods of top companies. It’s believed that the government is trying to advance its economy to become the dominant superpower.