Unidentified sources told Bloomberg that United detected the breach in May or early June 2015, and that investigators linked the cyber attack to the group of Chinese hackers responsible for the OPM and Anthem breaches.
Still, Chinese embassy spokesman Zhu Haiquan told Bloomberg that the Chinese government never engages in cyber attacks. “We firmly oppose and combat any forms of cyberattacks,” he said.
Because the hackers embedded their targets’ names in Web domains and phishing emails, OPM investigators were able to draw up a list of possible victims in the private sector, including United Airlines.
The data stolen from United includes passenger manifests, which identify flights’ passengers, origins and destinations. Combined with the OPM data, Bloomberg notes, that data could allow the attackers to monitor the travel patterns of U.S. government and military officials.
Sources told Bloomberg that there doesn’t appear to be any link between the breach and the grounding of United Airlines flights on July 8, 2015.
STEALTHbits channel marketing manager Jeff Hill told eSecurity Planet by email that the growing diversity of motives for cyber attacks is becoming alarming. “From disrupting the release of a movie at Sony, to a moral objection to an adultery website at Ashley Madison, gone are the days when hackers simply stole credit card numbers to make a quick buck,” he said. “Can we now add international espionage to that list?”
“Analyzing the travel habits of U.S. government personnel can somewhat harmlessly provide insight into the development of new alliances or business partnerships, but can also be an invaluable tool in the never-ending effort by intelligence agencies to compromise those with access to classified information,” Hill added.
And Splunk chief security evangelist Monzy Merza said by email that the United breach points to a new trend in cyber war. “More and more foreign governments are being connected to cyber attacks against private corporations in order to gain strategic advantage and influence important outcomes,” he said.
“This is uncharted territory from a policy perspective,” Merza added. “We can expect to see an escalation of these types of attacks across the globe. Mitigating these attacks will take greater visibility into organizational infrastructure and a policy component designed to deal with this evolving cyber war landscape.”
A recent eSecurity Planet article examined the future of cyber warfare.