A Chinese Hacking Group Is Stealing Airline Passenger Details

An anonymous reader quotes a report from ZDNet: A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest. The intrusions have been linked to a threat actor that the cyber-security industry has been tracking under the name of Chimera. Believed to be operating in the interests of the Chinese state, the group’s activities were first described in a report [PDF] and Black Hat presentation [PDF] from CyCraft in 2020. The initial report mentioned a series of coordinated attacks against the Taiwanese superconductor industry.

But in a new report published last week by NCC Group and its subsidiary Fox-IT, the two companies said the group’s intrusions are broader than initially thought, having also targeted the airline industry. These attacks targeted semiconductor and airline companies in different geographical areas, and not just Asia, NCC and Fox-IT said. In the case of some victims, the hackers stayed hidden inside networks for up to three years before being discovered. “The goal of targeting some victims appears to be to obtain Passenger Name Records (PNR),” the two companies said. While the NCC and Fox-IT report didn’t speculate why the hackers targeted the airline industry and why they stole passenger data, this is pretty obvious. In fact, it is very common for state-sponsored hacking groups to target airline companies, hotel chains, and telcos to obtain data they could use to track the movements and communications of persons of interest.