The Chinese government claimed on November 1, 2021, via official media, that foreign spy services had infiltrated various airlines and stolen passenger travel details. According to reports, such a pronouncement by the Chinese government is unprecedented.
Authorities from China's Ministry of State Security (MSS), the country's civilian intelligence, security, and secret police agency, revealed the hacking effort the week before. The hacking activity was uncovered in January 2020 when one of China's airlines disclosed a security vulnerability to MSS officers.
Investigators claimed they traced the breaches to proprietary malware used by the attackers to steal passenger information and data from the very first victim. Following an inquiry, it was discovered that other airlines had been infiltrated in the same way.
“After an in-depth investigation, it was confirmed that the attacks were carefully planned and secretly carried out by an overseas spy intelligence agency,” the MSS said in a press release distributed via state news channels.
The MSS did not officially assign responsibility for the operation to any foreign organization or government. Two Chinese security firms, Qihoo 360 and QiAnxin, produced papers in March 2020 accusing the US Central Intelligence Agency of hacking Chinese enterprises, especially airlines; however, the claims referred to past actions spanning September 2008 to June 2019.
The news statement is noteworthy in and of itself, given that the Chinese government does not usually disclose attacks carried out by foreign state-sponsored hackers.
This is in stark contrast to how Western nations and commercial cyber-security providers handle similar crises. When a big security breach occurs, Western security firms hurry to investigate and publish blog articles about the attack, with government authorities issuing a formal statement and attribution weeks or months later. When it concerns the Middle Kingdom, things are quite the reverse.
Following the two major reports from Qihoo 360 and QiAnxin in March 2020, this reporter contacted numerous Chinese security businesses and unaffiliated security researchers to enquire about how the Chinese state conducts international cyber-espionage attacks and the ensuing investigations and attribution.
Several individuals, including officials from two large Chinese cybersecurity organizations, stated that Chinese security firms routinely identify attacks involving foreign state actors, including the US.