SecurityWeek

Chinese Government Suspected in Marriott Hack: Report

The massive Marriott data breach affecting as many as 500 million individuals may be the work of hackers sponsored by the Chinese government, Reuters learned from several people investigating the incident.

Reuters’ sources said the hackers left behind some clues suggesting that the attack was part of an intelligence gathering operation conducted by the Chinese government. This assumption is based on the use of tools, techniques and procedures (TTPs) known to be associated with Chinese threat actors.

The potential involvement of the Chinese government in the breach suggests that the goal was espionage rather than financial gain.

However, Reuters’ sources admitted that since some of the hacking tools used in the attack are widely available, someone other than China could be behind the operation. Attribution is also made difficult by the fact that Marriott’s Starwood network had been compromised since 2014, which makes it more likely that several threat groups had access.

Marriott has refused to comment on the China attribution and representatives of the Chinese government reiterated that they oppose all types of cyberattacks.

China has been the main suspect in several high-profile attacks, including the massive breach disclosed by the U.S. Office of Personnel Management (OPM) in 2015.

Experts told Reuters that a cyber espionage operation could not be ruled out, especially judging by the duration of the campaign and the fact that the attackers managed to stay hidden for so long. Financially motivated cybercriminals are typically more interested in obtaining the data quickly, even if their activities are more likely to be detected by the victim.

In January, China ordered Marriott to suspend its Chinese website and app for one week after a survey sent out by the company listed Tibet and Taiwan as countries – China says Tibet and Taiwan are its territory.

Marriott revealed on November 30 that roughly 500 million individuals who had stayed at Starwood hotels may have had their personal information stolen by hackers. The attackers accessed names, addresses, phone numbers, email addresses, passport numbers, travel information and, in some cases, payment card data.

The hotel giant learned of the breach on September 8, when one of its internal security tools detected suspicious activity related to the Starwood guest reservation database. The investigation launched by the company revealed that the unauthorized access may have dated as far back as 2014.

Unsurprisingly, several lawsuits have been filed against Marriott over the data breach, by both customers and investors.

Related: Schumer Says Marriott Should Pay to Replace Hacked Passports

Related: Espionage, ID Theft? Myriad Risks From Stolen Marriott Data

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
