For the past few years, a Chinese hacking group has been targeting the airline industry to obtain passenger data. Their goal was to track the movement of person of interest. The threat actor responsible has been given the name Chimera.
The groups activities were first reported in 2020, and are thought to be nation state actors. The NCC Group and Fox-IT compiled a report, which was published last week, that claims the intrusions are broader than initially believed.
“The goal of targeting some victims appears to be to obtain Passenger Name Records (PNR),” the two companies said. “How this PNR data is obtained likely differs per victim, but we observed the usage of several custom DLL files used to continuously retrieve PNR data from memory of systems where such data is typically processed, such as flight booking servers.”