The hackers did not gain access to systems that control train cars and rider safety was not at risk, transit officials said, adding that the intrusion appeared to have done little, if any, damage.
But a week after the agency learned of the attack, officials raised concerns that hackers could have entered those operational systems or that they could continue to penetrate the agency’s computer systems through a back door, the document also shows, reported The Washington Post.
Meanwhile, as per The Hill, officials said that on April 20, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency issued a joint alert that there was a zero-day vulnerability — meaning no one knew the hack occurred at the time it happened.
CISA issued recommendations for fixes and patches, which the MTA implemented by the morning of April 21. MTA further said it engaged with IBM and Mandiant to perform a forensic audit.
Only three of MTA’s 18 different systems were impacted. No employee information was breached, and there is no impact to customers or contractors.
According to a statement from Rafail Portnoy, MTA’s Chief Technology Officer, the agency “quickly and aggressively” responded to this attack, bringing on Mandiant, a leading cyber security firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to its vital systems.
“Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat,” Portnoy continued.
The hack was part of a larger breach of multiple organizations and federal agencies that CISA first reported on April 20, officials said.
Hackers breached multiple agencies by exploiting vulnerabilities in Pulse Connect Secure, a product from IT company Ivanti.
CISA said at the time that it had been assisting compromised organizations since March 31. The hack itself was believed to have begun in June 2020 or earlier.
But according to The New York Times, MTA was affected by the breach, marking the third time the MTA had been breached.
According to the newspaper, the campaign involved two groups of hackers believed to be linked to China, one of which was likely operating on behalf of the Chinese government.