PIA Official Database Hacked! Admin access for sale on Dark Web?




According to unofficial news sources, a team of Israeli cyber threat researchers has revealed that Russian hackers have put Pakistan International Airlines’ (PIA) network access and database up for sale on the cyber underground.

Pakistan International Airlines (PIA) is the national airline of Pakistan, under the administrative control of the Secretary to the Government of Pakistan for Aviation. It was founded on 29 October 1946, 74 years ago. PIA has recently been facing many crises. The first flight of PIA crashed in 1956. Since then the airline has lost more than thirty aircraft in crashes and other events, including another twenty fatal crashes. There have also been at least eight hijacking incidents involving the airline’s aircraft between 1971 and 2017. (See accidents and incidents details on Wikipedia.)

According to InfoSecurity, a leading magazine on information security, a team at the darknet threat intelligence firm KELA spotted a threat actor offering domain admin access to the airline for $4,000. The offer is still live on two Russian and one English dark web forums that KELA had been monitoring. Based in Tel Aviv, the firm tracks ransomware trends and identifies threats to international organizations and government bodies.

KELA has not reported the incident to PIA due to the absence of diplomatic relations between the two countries and made it public through relevant mediums instead.

Speaking to the magazine on 9 November, a KELA spokesperson said that they have been tracking the threat actor who published the domain access to PIA’s network for sale last week. “Most of the time, we’re seeing cyber-criminals purchase these initial accesses to gain an initial foothold into the victim’s network, from which they can then perform the lateral movement to advance their access privileges and potentially employ ransomware or some other type of attack.”

A week later, the hackers also put all the databases in the airline’s network on sale. The cybercriminals posted a sample, which, according to them, carries ‘all the people’s information who use PIA, including names, last names, phone numbers, and passports’.

Our (Advanced User) Remarks:

All of the above-mentioned information is based on an article published on Propakistani.pk (check the article here). Propakistani’s publisher has said that the above-mentioned news was published by Info Security and KELA (website and magazine), whereas our (Advanced User’s) checking and verifying of the news has revealed that there is no post on the Info Security website regarding the hacking of the PIA database. PIA has not yet talked about the news; they have neither acknowledged nor denied it.