June 3 (UPI) — Officials with the Metropolitan Transportation Authority of New York City revealed that a hacker group suspected to be tied to the Chinese government infiltrated North America’s largest transportation system.
The MTA said Wednesday that the breach occurred in April and affected three of its 18 systems, though no operations were impacted and no employee or customer information was leaked.
“The MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat,” MTA Chief Technology Officer Rafail Portnoy said in a statement.
The attack was first reported on by The New York Times, which saw a document that outlined the extent of the breach, stating it had done little to no damage though some 3,700 employees and contractors were required to change their passwords for security reasons.
The Times reported that the hackers exploited vulnerabilities in the Pulse Connect Secure system to infiltrate the MTA.
At around the time of the attack, it was revealed that Chinese state-sponsored hackers had infiltrated U.S. and European government organizations as well as defense and technology companies through vulnerabilities in the Pulse Secure system that provides remote access to networks.
The Cybersecurity and Infrastructure Security Agency announced it was aware of hackers exploiting vulnerabilities in the Ivanti Pulse Connect Secure system in an effort to compromise “U.S. government agencies, critical infrastructure entities and private sector organizations.” It also offered guidance on how to fix the issues of concern.
Cybersecurity firm FireEye, which owns Mandiant, the company the MTA brought on to deal with the attack, said in April that it was tracking the infiltrations and suspected them to have been conducted “on behalf of the Chinese government.”
The revelation comes amid a surge in cyberattacks targeting both the private and public sector in the United States.
Last month, Russian hackers were blamed for halting the U.S. operations at Colonial Pipeline and most recently at JBS in two separate ransomware attacks, the former being attributed to hacker group DarkSide and the latter to REvil, which also goes by the name Sodinokibi.
Late last month, Russia-linked hackers blamed for the SolarWinds attack in December targeted some 150 government agencies, think tanks and non-governmental organizations through a spear-phishing campaign where they sent their targets emails that appeared to come from the U.S. Agency for International Development.
On Wednesday, a ransomware attack disrupted the ticket buying for a ferry service to Martha’s Vineyard and Nantucket, Mass.
As these attacks continue, cybersecurity has become a growing issue for the Biden administration during its first few months in office, prompting President Joe Biden to sign an elaborate executive order on May 12 to strengthen the nation’s cybersecurity. Late that month, Secretary of Homeland Security Alejandro Mayorkas offered a proposed budget for the next fiscal year that included an additional $2.1 billion to beef up virtual defenses.