Air India | Breaking Cybersecurity News | The Hacker News

Even as a massive data breach affecting Air India came to light the previous month, India's flag carrier airline appears to have suffered a separate cyber assault that lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41. Group-IB dubbed the campaign "ColunmTK" based on the names of command-and-control (C2) server domains that were used for facilitating communications with the compromised systems.  "The potential ramifications of this incident for the entire airline industry and carriers that might yet discover traces of ColunmTK in their networks are significant," the Singapore-headquartered threat hunting company  said . While Group-IB alluded that this may have been a supply chain attack targeting SITA, the Swiss aviation information technology company told The Hacker News that they are two different security incidents.

India's flag carrier airline, Air India, has  disclosed  a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card data. But Air India said neither CVV/CVC numbers associated with the credit cards nor passwords were affected. The airline had previously  acknowledged  the breach on March 19, stating that "its Passenger Service System provider has informed about a sophisticated cyber attack it was subjected to in the last week of February 2021." In March, Swiss aviation information technology company SITA  disclosed  it suffered a "highly sophisticated attack&quo