China-linked hacking group targeted New York MTA

New York transit agency says the breach had no impact on customers

Hackers with suspected ties to the Chinese government breached systems belonging to New York's Metropolitan Transportation Authority (MTA).

According to the New York Times, the attacks took place in April but have only now come to light. Hackers didn't breach any systems used to control train cars or access any employee or passenger data, but researchers believe they might have implanted a backdoor to allow future access.

Federal authorities, including the FBI, alerted the MTA, which is responsible for transportation in the Big Apple, on April 20. It's the largest network in the US, with over 15.3 million users around New York City. It also runs the MTA New York City Transit, MTA Bus, Long Island Railroad, Metro-North Railroad, and MTA Bridges and Tunnels.

"The MTA's existing multilayered security systems worked as designed, preventing spread of the attack," the agency's chief technology officer Rafail Portnoy told the Times. "We continue to strengthen these comprehensive systems and remain vigilant as cyber attacks are a growing global threat."

"The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cyber security firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss, and no changes to our vital systems," he added.

A leaked MTA document outlined the breach, which was one of many incidents carried out by hacking groups tied to Beijing that targeted federal agencies, defense contractors, and financial institutions.

Over two days in the second week of April, two hacking groups, one said to be working on behalf of China, gained access via a flaw in Pulse Connect Secure, a legitimate remote access tool.

The hackers held access until April 20, when the MTA discovered the attack. By then, hackers had compromised three of the MTA's 18 computer systems. It was then that the MTA alerted federal authorities.

It is not known why hackers targeted the MTA. Those investigating the case said that China may be trying to obtain data on the transit network to gain an advantage in the international rail car market.

As a precaution, the MTA has made the 3,700 users on its systems change their passwords.
