In late April, officials at the New York Metropolitan Transportation Authority discovered that a group of hackers had penetrated several of the agency’s computer systems, exploiting a zero-day vulnerability in the agency’s VPN service to get their foot in the door.
The transit agency, which manages a system whose daily ridership exceeds 5 million, discovered evidence of the intrusion shortly after federal authorities announced a foreign hacking campaign directed at Pulse Connect Secure, a VPN service widely used at the time by state, local and federal government agencies.
The widespread hacking of the Pulse product is believed to have been at least partly the work of a sophisticated threat actor conducting espionage on behalf of the Chinese government. Similarly, in its coverage of the MTA incident, The New York Times said the responsible hackers are “believed to have links with the Chinese government.”
On Wednesday, MTA officials confirmed to Gizmodo that someone had exploited the Pulse security flaw to widen their path into the MTA network, but that the hackers had apparently stopped short of stealing data. In a statement, the agency said three of its “systems” were affected by the attack, but did not elaborate on which systems those were or what it meant by the term.
Separate forensic audits conducted by FireEye’s Mandiant and an IBM security team “found no evidence of account compromise, no employee information compromised, no data loss or changes to our vital systems,” MTA officials say. No operating system was affected by the attack, they added.
In addition to the post-incident audit, the Transportation Authority instituted several other security precautions, including “a forced migration out of this VPN to other VPNs” and a requirement that some 3,700 employees and employers change their passwords as “an extra layer of security,” officials say. In a statement provided to Gizmodo, Rafail Portnoy, Chief Technology Officer of the MTA, reiterated that no data was compromised as a result of the intrusion.
“The MTA responded quickly and aggressively to this attack, bringing in Mandiant, a leading cybersecurity company, whose forensic audit found no evidence that operating systems were affected, no employee or customer information compromised, no loss of data and no changes to our vital systems,” Portnoy said.
The news of the attempted attack comes during a veritable blitz of cyberattacks across the United States, many of them aimed at critical infrastructure. While the hackers in this case do not appear to have gained access to anything of real importance, the fact that such a system could be compromised in the first place is disturbing on its face.
The New York Times reports that an MTA document shows officials expressed concerns that the hackers “could get into those [MTA] operating systems or that they could continue to penetrate the agency’s computer systems through a back door.” So, if the idea of a cyberattack paralyzing the R line somewhere between Court Street and South Ferry unsettles you, we can only hope that public agencies like the MTA have a forward-looking plan for ensuring such scenarios never become a reality.