Cyber Incident Victim: United Airlines
Date:
Jul 2015
Location:
United States of America
Summary
A report from Bloomberg reveals that the hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time: United Airlines. The attacked probably happened in May, early June.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In July 2015, United Airlines suffered a cyber attack that was linked to Chinese hackers with the motive of espionage. According to an online article published by Bloomberg on July 29th, 2015, the attack involved exfiltration from an application server, which allowed the hackers to steal sensitive data from United Airlines' systems.
The cyber incident was first discovered when United Airlines noticed unusual network activity coming from one of its servers. An investigation revealed that a group of hackers had gained unauthorized access to the company's system and were able to exfiltrate sensitive information, including employee personal data and travel itineraries of some customers.
The attack was believed to be carried out by Chinese hackers, who have been linked to several high-profile cyber attacks in the past. The motive for the attack is thought to be espionage, with the hackers seeking to gain access to sensitive information that could potentially give them a competitive advantage or provide valuable intelligence.
The exfiltration technique used by the hackers involved exploiting a vulnerability in United Airlines' application server. This allowed them to transfer data from the system without being detected, making it difficult for security teams to identify and stop the attack. The incident highlights the ongoing threat of cyber attacks against companies and organizations, and the need for robust security measures to protect sensitive information.
United Airlines took immediate action after discovering the breach, including notifying affected customers and employees, as well as working with law enforcement agencies to investigate the attack. The airline also implemented additional security measures to prevent similar incidents in the future.
The cyber incident at United Airlines serves as a reminder of the importance of protecting sensitive information from cyber threats. Companies and organizations must remain vigilant in their efforts to secure their systems, and take proactive steps to prevent attacks before they occur. This includes implementing robust security measures, such as firewalls, intrusion detection systems, and encryption technologies, as well as regularly updating software and systems to ensure they are protected against the latest threats.
The cyber attack on United Airlines in July 2015 highlights the ongoing threat of cyber attacks against companies and organizations. The incident demonstrates the need for robust security measures to protect sensitive information, as well as the importance of being proactive in preventing such incidents from occurring in the first place. By taking a comprehensive approach to cybersecurity, companies can help ensure their systems are secure and protected against the ever-evolving threat landscape.