New York public transportation system is attacked by Chinese hackers

Cybersecurity experts report that the computer systems of the New York Metropolitan Transportation Authority (MTA) suffered a new cybersecurity incident possibly linked to the activity of Chinese hacking groups. The incident occurred in late April, though it wasn’t revealed until this week. While the Chinese government’s involvement in some security incidents is still considered speculation, in many cases investigations end up confirming these hypotheses.

Experts say that the threat actors managed to carry out the attack thanks to the exploitation of some vulnerabilities present in this massive communications network, responsible for managing the transport used by millions of people a day. Despite the severity of the incident, experts confirmed that users were not affected in any way.

The report also notes that the attack remained active after the initial engagement via a backdoor. In this regard, an MTA representative mentioned that digital forensic analysis did not reveal the presence of such a malicious implementation, and confirmed that the cybercriminals did not access confidential information of users of the public transportation system.

The agency also maintains that attack attempts targeting other government and law enforcement agencies were detected, although so far everything indicates that the hackers did not manage to access any of the other networks attacked. This does not mean that the cybersecurity of government agencies is invulnerable: over the past year, threat actors have repeatedly proven that they have mastered effective methods and tools for accessing public and private networks.

This isn’t the only recently detected security risk. Just a few hours ago, a specialized platform confirmed that a hacking group is exploiting a dangerous zero-day vulnerability in a WordPress plugin; the problem grows when considering that the compromised plugin is installed on almost 20 thousand websites. At the moment it has not been possible to release a security update, so users are advised to disable the vulnerable plugin until it is fixed.
