Secure your small business:
Apps → Data →

Airbus Launches Investigation After Hacker Leaks Data

September, 2023
Quick definition  ⓘ
Why it matters: This incident underscores the persistent cybersecurity threats faced by major organizations and the potential impact on personal data security.
22Billion
Number of data records exposed by cybersecurity breaches in 2021.https://www.riskbasedsecurity.com/2022/02/04/data-breach-report-2021-year-end/

Key Points

    Airbus has initiated an investigation following a data leak prompted by a hacker's claims of breaching the aerospace company's systems. The hacker, previously associated with the FBI breach and now part of a ransomware group, exposed personal information of around 3,200 individuals linked to Airbus vendors. The compromised data includes names, job titles, addresses, email addresses, and phone numbers. The attacker reportedly gained access through an employee's account at a Turkish airline, using information-stealing malware.
© Gordon Tipene | Dreamstime.com

Quick Read

French aerospace giant Airbus is conducting an investigation into a recent data breach after a hacker, using the moniker 'USDoD,' claimed to have successfully infiltrated the company's systems and subsequently leaked sensitive business documents. This breach highlights the ever-present cybersecurity challenges faced by large corporations and the potential implications for data security.

The hacker, USDoD, who had previously boasted about breaching the FBI's InfraGard database—an information repository for 80,000 individuals, including business leaders, IT professionals, and government and law enforcement officials—declared earlier this month that they had successfully targeted Airbus.

In their most recent cybercrime endeavor, USDoD revealed that they had accessed the personal information of approximately 3,200 individuals affiliated with Airbus vendors. This compromised data included personal details such as names, job titles, addresses, email addresses, and phone numbers. The hacker claimed to have gained access to Airbus systems through a compromised account linked to an employee of a Turkish airline.

Airbus confirmed this as the attack vector to cybersecurity intelligence firm Hudson Rock, which has been monitoring the situation closely. Hudson Rock's investigation revealed that the attacker likely obtained the airline employee's Airbus system credentials with the help of information-stealing malware.

This type of malware is designed to harvest a vast amount of credentials from infected computers. Subsequently, the operators of such malware often sell these stolen credentials to other threat actors. In the case of the Airbus breach, Hudson Rock suggested that the employee might have inadvertently infected their device with RedLine malware while downloading a pirated version of .NET, a programming framework commonly used for software development.

Hudson Rock emphasized the growing significance of credentials acquired through info-stealer infections as an initial attack vector for cybercriminals. These stolen credentials provide easy entry points into organizations, opening the door to potential data breaches and ransomware attacks. The cybersecurity firm routinely analyzes data obtained from such info-stealers, which have been observed stealing credentials for hacker forums as well.

In response to the breach, an Airbus spokesperson provided a statement to SecurityWeek, explaining, "Airbus has launched an investigation into a cyber event during which an IT account associated with an Airbus customer has been attacked. This account was used to download business documents dedicated to this customer from an Airbus web portal."

The spokesperson further stated, "Immediate remedial and follow-up measures were taken by our security teams to prevent our systems from being compromised."

This breach underscores the necessity for organizations to remain vigilant and invest in robust cybersecurity measures to safeguard their data and systems against increasingly sophisticated cyber threats. It also serves as a stark reminder that cybersecurity is a shared responsibility, with employees and their behavior playing a critical role in the overall security posture of an organization.

Further Reading

—Jess Hofmann

Need Data Breach solutions?
We can help!

Plurilock offers a full line of industry-leading cybersecurity, technology, and services solutions for business and government.

Talk to us today.

 

Thanks for reaching out! A Plurilock representative will contact you shortly.

What Plurilock Offers
SSO, CASB, and DLP with Real-Time Passive Authentication

More to Know

Quick Definition

A Data Breach is a situation in which information security has failed, enabling sensitive data of any kind to be accessed by unauthorized individuals despite whatever protections were in place. Data breaches have become a particular concern in recent years because such stolen data is often subsequently distributed widely, in particular on the dark web, where it is often aggregated and sold for illicit activity, identity theft, or further cyberattacks of various kinds.

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.