New York Subway Hit by Cyberattack with Alleged Chinese Origins

As reported by the New York Times, the NY Metropolitan Transportation Authority (MTA) published documents disclosing a cyberattack on the IT infrastructure of the New York subway.

According to the report, a cyberattack believed to originate from a hacker group based in China and linked to the Chinese government took place in the second half of April 2021. The attack exposed a zero-day vulnerability, which led to a joint alert issued on April 20 by the FBI and the National Security Agency, together with the US Cybersecurity and Infrastructure Security Agency (CISA).

CISA gave precise instructions concerning the patches needed, and the MTA applied them within hours, as early as April 21. Additionally, the MTA contacted IBM and the cybersecurity company Mandiant for further investigation and a security audit of its systems.

Thankfully, the hackers did not manage to get hold of any of the critical systems that control the normal operation of subway trains, so there was no immediate risk to the lives and safety of subway passengers. Despite the early, reassuring conclusion that the attack had caused virtually no damage, concerns were raised a few days later about a possible backdoor installed by the hackers that could give them access to crucial parts of the MTA infrastructure.

The investigation and forensic analysis conducted with the help of IBM and Mandiant did not show any signs of data theft. This cyberattack is the third time the MTA's network has become the target of hackers.

This attack happened within days of another large-scale ransomware attack that briefly crippled another huge chunk of vital US infrastructure. Colonial Pipeline, one of the country's biggest suppliers of liquid fuels, had its operations temporarily forced to a halt by a ransomware attack attributed to the DarkSide hacker group.

Officials believe the recent attack on the NY subway system to be one of many instances that together comprise a wider campaign believed to be backed by the Chinese government. The Chinese government has firmly and consistently denied any involvement in such attacks.

One of the theories behind the relatively benign intrusion into the MTA's network is that the hackers may simply have entered the wrong house, metaphorically speaking. It is not uncommon for hacking operations to target the wrong infrastructure, the New York Times reported.

The most recent instance of a cyberattack targeting a large US entity was an attack believed to have been conducted by the Russian-linked hacker group REvil, which deployed the Sodinokibi ransomware on the networks of America's largest meat supplier, JBS USA Holdings.

June 3, 2021