Chinese hackers attacked NYC MTA using Pulse Secure zero-day


In April, Chinese threat actors used a Pulse Secure zero-day to compromise New York City’s Metropolitan Transportation Authority (MTA) network.


However, they were unable to cause any data loss or get access to the transportation fleet’s control systems.


While the attackers broke into various MTA computer systems, they were unable to get access to staff or customer information, according to Rafail Portnoy, MTA’s Chief Technology Officer.


The MTA reacted promptly to the hack, hiring Mandiant, a top cybersecurity firm, to conduct forensic assessments.


There was no evidence of an impact on operational systems, no breach of employee or customer information, no data loss, and no alterations to critical systems, according to the corporation.


The MTA is North America’s largest public transit system, servicing over 15.3 million people in a 5,000-square-mile travel area around New York City.


MTA New York City Transit, MTA Bus, MTA Long Island Rail Road, Metro-North Railroad, and MTA Bridges and Tunnels are among the transit authority’s several transportation agencies.


Metropolitan Transportation Authority patched the flaw on April 21, a day after Pulse Secure issued an advisory, and CISA issued an alert about the Pulse Secure zero-day exploited in the assault.


The attackers’ attempts to move via the network were also blocked by existing security mechanisms.


The MTA’s existing multi-layered security systems prevented the attack from spreading, according to Portnoy, and they are continuing to enhance those comprehensive systems and remain attentive as cyber-attacks become a major global concern.



The breach, according to Metropolitan Transportation Authority authorities, was the third in recent years on the transportation authority’s network, MTA officials told NYTimes.


On April 20, cybersecurity firm FireEye disclosed that at least two Chinese-backed threat actors were actively exploiting a zero-day vulnerability to distribute 16 malware families.


The malware is specifically designed to infect Pulse Secure VPN appliances and is used to get long-term network access, collect credentials, and steal data.



Also read: Hackers take advantage of an unpatched Pulse Secure VPN Zero-Day vulnerability to gain access to organizations


You might also like: Necro Python bot enhanced with new VMWare, server exploits


You might also like: Fujifilm ransomware attack: shuts down parts of its network globally


You might also like: Norton 360 antivirus to allow you to mine Ethereum crypto


You might also like: Fancy Product Designer – WordPress plugin zero-day vulnerability found