Foreign hackers stole Flight MH370 data from investigators

The day after the crash of Malaysia Airlines Flight MH370 hackers stole classified data from the computers of senior officials involved in the investigation.

Just after the incident occurred to the Malaysian Airlines Flight MH370 a spear phishing attack targeted 30 government officials and bad actors have stolen classified documents relating to the missing Flight MH370.

The computers of high-ranking officials in agencies involved in the MH370 investigation were hacked and classified information was stolen.” reported the The Malaysian Star.

Around 30 computers were infected by a malware inoculated through a PDF document which appeared to be a news report about the incident occurred to the Flight MH370.

Flight MH370 2

The cyber attack occurred the day after the Flight MH370 crashed, the document was sent to a group of investigators, the stolen data was allegedly being sent to a computer in China before CyberSecurity Malaysia has detected the theft and interrupted the communication with the C&C server.

“We received reports from the administrators of the agencies telling us that their network was congested with e-mail going out of their servers,” “Those e-mail contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the Flight MH370 investigation.” CyberSecurity Malaysia chief exec Dr Amirudin Abdul Wahab said.

The Department of Civil Aviation, the National Security Council and Malaysia Airlines were some of the victims of the cyber attack, despite the security experts identified the infected machine and shut down them, a “significant amounts” of data on the incident occurred to the Flight MH370 had been stolen.

The malware used by attackers was able to evade detection of most popular antivirus programs, this particular led to believe that threat actors are state-sponsored hackers or anyway have high skills.

“This was well-crafted malware that antivirus programs couldn’t detect. It was a very sophisticated attack,” Amirudin said.

Experts at CyberSecurity Malaysia speculated that hackers were searching for alleged “secret” information on Flight MH370 hidden by the Malaysian authorities.

“At that time, there were some people accusing the Government of not releasing crucial information,” “But everything on the investigation had been disclosed.” Amirudin said.

Despite China always denied to have hacked the Malesyan systems, experts consider the Government of Bejing the culprit for the attack because it was searching for information alleged hidden by the Malaysian government.

Of the 239 people travelling on the Flight MH370 152 were Chinese citizens, for this reason, China was within the counties that most of all requested transparency on the incident.

Pierluigi Paganini

(Security Affairs – Flight MH370, cyber espionage)