

New York City’s Metropolitan Transportation Authority (MTA), which runs the city’s bus and subway systems, disclosed on Wednesday that its systems were hacked in April 2021.

The Metropolitan Transportation Authority (MTA) is a public benefit organization that is in charge of public transportation in the New York City metropolitan area of the U.S. state of New York.

The MTA is the largest public transit authority in the United States, carrying over 11 million passengers on an average weekday systemwide, and over 850,000 vehicles on its seven toll bridges and two tunnels per weekday.

The threat actors, believed to have connections to the Chinese Government, penetrated the MTA network by exploiting flaws in Pulse Connect Secure, a commercial VPN solution that provides employees remote access to their company’s network.

According to Rafail Portnoy, MTA’s Chief Technology Officer, the cybercriminals did not obtain access to systems that control train cars and rider safety was not at risk. He added that the intrusion seemed to have done little damage. No access to staff or customer-sensitive data was acquired during the hack.

The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cybersecurity firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss, and no changes to our vital systems.


MTA officials stated the attack occurred at around 8 p.m. on April 20. They said the Cybersecurity and Infrastructure Security Agency, National Security Agency, and FBI informed the MTA of the breach.

By the next morning, the MTA said, it had applied the required security patches, recommended by CISA, to fix the flaw.

Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing the spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat.


According to a cybersecurity company that collaborates with the federal government, the attack on the MTA did not involve financial demands and instead seems to be part of a recent series of global intrusions by sophisticated Chinese threat actors.

The MTA is one of a growing number of transit agencies across the U.S. targeted by foreign cybercriminals, and the breach comes during a rise in cyberattacks on critical American infrastructure, from fuel pipelines to water supply systems.

The cyberattack is the newest revelation in a series of high-profile attacks across the country’s oil and food transportation services. At the beginning of May, Colonial Pipeline was attacked by Russia-linked cybercriminals. JBS, the world’s largest meatpacking organization, was also hacked and was forced to shut down production at several sites all over the world.

We still don’t know why the MTA was one of the victims, but one theory points to China’s desire to dominate the multibillion-dollar market for rail cars: the hack would give the attackers information about the inner workings of a transit system.

Another theory is that cybercriminals mistakenly accessed the MTA’s system and discovered it was of little interest, which cybersecurity experts say is not unusual.

Transit officials say a forensic analysis of the attack has shown the hackers did not make any changes to the agency’s operations, collect any employee or customer information such as credit card numbers, or compromise any MTA accounts.

The agency reported the attack to law enforcement and other state agencies but has not disclosed it publicly.

Author Profile

Antonia Din

PR & Video Content Manager
