USA - An individual operating under the alias USDoD, suspected of being involved in ransomware activities, has exposed data related to more than 3,000 suppliers of the aviation giant Airbus.
This breach allegedly occurred through the unauthorized access of a customer account linked to Turkish Airlines (TK).
Airbus Suppliers Data Leaked
Hudson Rock, the first to detect this incident, noted that USDoD had previously gained some notoriety when they offered a dataset claimed to be obtained from the FBI’s InfraGard system on an underground forum called Breached in late 2022.
After authorities shut down Breached, USDoD and other users migrated to a forum called BreachedForums. Then, USDoD made two separate posts on this forum in early September.
One post indicated that they had joined a new ransomware group called Ransomed, while the other post contained personal information about employees of around 3,200 suppliers working with Airbus.
This dataset is believed to contain sensitive information, including names, addresses, and contact details, about numerous organizations, among them well-known ones such as Rockwell Collins and Thales.
According to Hudson Rock, USDoD also claimed to have intentions to target Lockheed Martin and Raytheon.
Hudson Rock was able to verify USDoD’s assertion that they gained access to Airbus through a compromised Turkish Airlines account. The initial victim appears to have attempted to download a pirated version of the Microsoft .NET framework.
However, their actions led to their infection with the RedLine infostealer, which enabled the theft of their credentials. These stolen credentials were subsequently used to infiltrate Airbus’s systems.
“In the cybercrime landscape, infostealer infections have experienced an astonishing surge of 6,000% since 2018, making them the predominant initial attack vector employed by threat actors to breach organizations and carry out cyberattacks, including ransomware incidents, data breaches, unauthorized account access, and corporate espionage,” explained researchers at Hudson Rock.
An Airbus representative stated, “Airbus is conducting an inquiry into a cybersecurity incident in which an IT account linked to an Airbus customer was targeted. This account was utilized to retrieve business documents specifically intended for this customer from an Airbus web portal.
“Our security teams promptly implemented corrective and follow-up actions to prevent any compromise of our systems,” they further commented.
“As a prominent high-tech and industrial entity, Airbus is a potential target for malicious individuals. Airbus maintains a strong commitment to cybersecurity and regularly monitors activities on its IT systems. The company employs robust security tools, skilled cybersecurity experts, and established protocols to safeguard its operations. Immediate and appropriate measures are taken as necessary to protect the company,” the spokesperson concluded.
Samantha Humphries, Senior Director of International Security Strategy at Exabeam, emphasized the importance of preparing for supply chain attacks, which are a specific type of insider threat that organizations should include in their security planning.
These attacks often provide cybercriminals with a relatively easy way to breach or bypass existing defenses.
Humphries stressed that while the details of contracts are crucial, security leaders should actively participate in discussions regarding supplier risk during due diligence processes. Furthermore, organizations should establish processes and monitoring mechanisms to detect and respond to supply chain attacks.
Humphries noted that dealing with supplier risk is an essential aspect of conducting business, and it should be viewed as a means to enhance business operations while addressing risk and compliance requirements. Unfortunately, these types of attacks remain lucrative for adversaries.
Therefore, comprehensive preparations, including tabletop exercises, credential monitoring, and breach response planning, must encompass considerations related to third- and fourth-party suppliers.