Star Alliance, the world’s largest global airline alliance, has reportedly fallen victim to a cyber attack by the notorious Türk Hack Team.
Falcon Feeds, a threat intelligence service, took to Twitter to share news of the alleged breach. Their tweet included an image displaying the actor’s assertion of responsibility for the cyber attack on Star Alliance.
The threat actor’s post read, “7 Star Alliance Downed By. Turk Hack Team. We play with your systems the way we want.”
The Cyber Express has contacted the company to confirm the alleged cyber attack on Star Alliance. However, as of now, no official response has been received.
Star Alliance, consisting of major carriers like Air China, Swiss, and Air Canada, frequently shares data between its members to ensure mutual benefits.
With a passenger count of 762.27 million as of April 2018, Star Alliance is the largest among the three global alliances. This other two alliances are SkyTeam, with 630 million passengers, and Oneworld, with 528 million passengers.
Comprised of 26 member airlines, Star Alliance commands a combined fleet of approximately 5,033 aircraft. The alliance serves over 1,290 airports across 195 countries, with more than 19,000 daily departures.
Cyber attack on Star Alliance: A continuous menace
Turkhackteam, founded in 2004, is one of Turkey’s oldest and most influential hacking collectives.
Their forum maintains a comprehensive list of nearly 30 highly-publicized hacking campaigns, targeting both foreign government and commercial websites, including those of international corporations.
At present, no specific families are associated with this particular threat actor.
Although this alleged cyber attack on Star Alliance has raised concerns about how airlines could fight against hackers, it is not the first time Star Alliance has found itself in the crosshairs of cybercriminals.
The Guardian previously reported a cyber attack resulting in the theft of hundreds of thousands of Star Alliance passengers’ details.
The breach occurred through an attack on Sita, an IT systems operator serving around 90% of the global aviation industry, including airlines such as Singapore, Lufthansa, and United.
Based in Geneva, Sita disclosed that a “highly sophisticated” cyber attack compromised passenger data stored on its servers.
The data breach occurred on February 24, 2021, prompting Sita to take immediate action by informing affected customers and associated organizations, as reported by TechCrunch.
Cyber attack on Star Alliance and why hackers target airlines
The previous cyber attack on Star Alliance also affected members including Malaysia Airlines, Singapore Airlines, Finnair, and Jeju Air from South Korea.
These airlines were promptly informed about the breach of Sita’s passenger service system (PSS) servers. SITA Passenger Service System (US) Inc, which operates these systems, stores data on servers in its data center in Atlanta, United States.
Passengers of Lufthansa, Cathay Pacific, Air New Zealand, and other Star Alliance members also fell victim to the breach.
Air New Zealand emailed its customers, revealing that “some of our customer’s data as well as that of many other Star Alliance airlines,” had been compromised.
However, the breached data was limited to individual names, tier statuses, and membership numbers.
Sensitive information such as passwords, credit card details, itineraries, reservations, ticketing, passport numbers, email addresses, and contact information remained unaffected.
However, this data sharing feature has turned against Star Alliance, as hackers can use this data to attack multiple airlines and passengers traveling through these airlines.
The aviation industry experiences a ransomware attack, according to a Eurocontrol a report titled “Airlines under attack: Faced with a rising tide of cybercrime, is our industry resilient enough to cope?
The cost of implementing measures to mitigate ransomware alone is projected to be more than EUR 20 billion annually for global companies.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.