Transportation (Includes Logistics, Shipping, Maritime, Rail, Trucking)


DDoS Attack at Russian Flight Booking System, Leonardo, Disrupts Airport Operations

September 28, 2023

A Russian flight booking system was hit by a cyberattack on Thursday, causing delays at airports. The incident lasted about an hour and affected the operation of several Leonardo customers, including Russian air carriers Rossiya Airlines, Pobeda and flagship airline Aeroflot. DDoS attacks overwhelm websites with a flood of traffic, making them temporarily unavailable to users.

Leonardo is used by more than 50 Russian carriers and serves around 45 million passengers annually, according to the Russian news agency Interfax.


Travel Booking Giant Sabre Investigating Claims of a 1.3TB Data Breach

July 20, 2023

Travel booking giant Sabre said it was investigating claims of a cyberattack after a tranche of files purportedly stolen from the company appeared on an extortion group’s leak site. The Dunghill Leak group claimed responsibility for the apparent cyberattack in a listing on its dark web leak site, alleging it took about 1.3 terabytes of data, including databases on ticket sales and passenger turnover, employees’ personal data and corporate financial information.

Sabre is a travel reservation system and major provider of air passenger and booking data. Many U.S. airlines and hotel chains rely on the company’s technology.


$1M Ransom Demanded of Auckland Transport

September 13, 2023

The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services. The company announced that it is experiencing issues with its HOP services (integrated ticketing and fares system).

Auckland Transport dismissed a claim by the Medusa hacker group that it would release data from the agency’s ticketing system at 8pm Tuesday. AT said it would not be engaging, and believed no financial data had been lost.


UK-Based KNP Logistics Business Shuts Down: 700 Jobs Lost

June 15, 2023

KNP Logistics Group will be forced to make over 700 employees redundant. According to the administrators, a “major ransomware attack … affected key systems, processes and financial information. This adversely impacted on the financial position of the Group and ultimately, its ability to secure additional investment and funding.” The incident is a rare public example of the existential threat that experts warn ransomware can pose to businesses.

Only the group’s Nelson Distribution business will survive after being sold, saving 170 jobs. KNP was formed out of a 2016 merger between Nelson Distribution and Knights of Old, a haulage business that dated back to 1865. The group was originally compromised in June 2023 by the Akira ransomware collective. However, it’s unclear whether it was able to access a decryptor for the ransomware released by Avast in July.


Belt Railway Company Investigates Data Theft

September 7, 2023

The largest switching and terminal railroad in the U.S. is investigating the theft of data by a ransomware group. Operating about 28 miles of railroads, the company allows its owners to bring their trains to the headquarters where they are separated and reorganized. It also provides services to more than 100 local manufacturing companies that ship products across North America.

On Thursday evening, the Akira ransomware gang added the company to its leak site, claiming to have stolen 85 GB of data.

Christopher Steinway, general counsel of Belt Railway, told Recorded Future News that it recently became aware that “a threat actor group posted on its website that it had obtained certain company information.”

“The event did not impact our operations. We have engaged a leading cybersecurity firm to investigate the incident and are working with federal law enforcement,” Steinway said.

“Our investigation remains ongoing.”


Polish Railways Hack Paralyzed Freight and Passenger Trains

August 26, 2023

An attack on the communications network of Poland’s national railway halted 20 trains across the country and paralyzed traffic for hours over the weekend, according to Poland’s railway infrastructure operator. The suspects, who are Polish citizens aged 24 and 29, were arrested near the border with Belarus. RMF radio reported that one of the suspects is allegedly a police officer in Bialystok. On Tuesday, Polish police announced the suspension of one of its officers in the area, but gave few additional details.

The saboteurs were able to paralyze the trains — both freight and passenger — across the country by simply sending “stop” commands via radio frequency to the trains they targeted. The attackers also played the Russian national anthem and parts of a speech by Russian president Vladimir Putin on the railway’s radio. Polish trains use a radio system that lacks encryption or authentication, making them vulnerable to such hacks.


Largest US Freight Transportation Companies Impacted by ORBCOMM Software Outage

September 6, 2023

New Jersey-based ORBCOMM, one of the biggest providers of software for the trucking industry, acknowledged a ransomware attack after reports emerged of issues that customers had with its products. An ORBCOMM executive confirmed the attack to Recorded Future News but would not say which ransomware group was behind the incident or whether a ransom would be paid. Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.

ORBCOMM is a solutions provider for freight companies to manage fleets and track transported assets. The company also provides Electronic Logging Devices (ELD) that truckers use to log their hours to adhere to federal safety regulations. The department granted an extension to all carriers using ELD models from ORBCOMM, allowing drivers to use paper logs while the system is down. The outage has impacted some of the country’s largest freight transportation companies, as they cannot track their fleets and inventory.


British Airways Also Breached by MOVEit Software Hack (Zellis)

June 7, 2023

British Airways (BA), the BBC, Ofcom and Boots were among a number of organisations that were reportedly victims of a major recent cyber-attack, resulting in the breach of numerous staff details. The stolen data is said to include staff names, staff ID numbers and national insurance numbers (although, importantly, not banking details).

The recent attack was against a piece of software called MOVEit, which is used to transfer computer files from one location to another. It involved what’s called a “zero-day exploit”, a piece of computer code that takes advantage of a previously unknown vulnerability. This allowed hackers to compromise Zellis, a trusted supplier of services to BA, the BBC, Boots and others. Zellis confirmed a “small number” of customers had been affected, adding that it had disconnected the server using MOVEit as soon as it became aware of the incident.

Since Zellis is the main payroll service provider to these organisations, it is easy to trace how this incident started. Responsibility for the attack was claimed by the Russia-linked “cl0p” group, which has since issued an ultimatum to the affected organisations – asking for money unless they want the stolen data to be released on the dark web.


Hacktivists Take Down Multiple Japanese Government Websites

September 6, 2022

A pro-Russia hacker group has claimed to be involved in attacks on Japanese government and company websites.

The DDoS attack on the e-Gov website shut down the site for a few hours on Sept. 6. It then became inaccessible again around noon on Sept. 7 until early morning, Sept. 9. The e-Gov website allows users to request disclosure of administrative documents and provides information on laws and regulations. The site receives about 7.8 million hits a day.

In addition, between Sept. 6 and 9, the attacks made 23 government websites temporarily inaccessible. These sites belonged to the Digital Agency, the Internal Affairs and Communications Ministry, the Education, Culture, Sports, Science and Technology Ministry and the Imperial Household Agency. Some sites of credit card business JCB Co. were inaccessible, while websites of social media company mixi, Inc. were also hard to access.

On September 6, 2022, the website of the Nagoya Port Authority was unreachable for about 40 minutes.


Container Processing Halted at The Port of Nagoya

July 4, 2023

The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack. The attack occurred around 6:30AM on July 4. A notice was issued reporting a malfunction in the “Nagoya Port Unified Terminal System” (NUTS), the central system controlling all container terminals in the port.

The attack held up shipments of Toyota auto parts containers for two days, but the port reopened Thursday morning. All container loading and unloading operations at the terminals using trailers were canceled, causing massive financial losses to the port and severe disruption to the circulation of goods to and from Japan. LockBit 3.0 was confirmed as the attacker.
