French aerospace giant Airbus is conducting an investigation into a recent data breach after a hacker, using the moniker 'USDoD,' claimed to have successfully infiltrated the company's systems and subsequently leaked sensitive business documents. This breach highlights the ever-present cybersecurity challenges faced by large corporations and the potential implications for data security.
The hacker, USDoD, who had previously boasted about breaching the FBI's InfraGard database—an information repository for 80,000 individuals, including business leaders, IT professionals, and government and law enforcement officials—declared earlier this month that they had successfully targeted Airbus.
In their most recent cybercrime endeavor, USDoD revealed that they had accessed the personal information of approximately 3,200 individuals affiliated with Airbus vendors. This compromised data included personal details such as names, job titles, addresses, email addresses, and phone numbers. The hacker claimed to have gained access to Airbus systems through a compromised account linked to an employee of a Turkish airline.
Airbus confirmed this as the attack vector to cybersecurity intelligence firm Hudson Rock, which has been monitoring the situation closely. Hudson Rock's investigation revealed that the attacker likely obtained the airline employee's Airbus system credentials with the help of information-stealing malware.
This type of malware is designed to harvest large numbers of credentials from infected computers. Subsequently, the operators of such malware often sell these stolen credentials to other threat actors. In the case of the Airbus breach, Hudson Rock suggested that the employee might have inadvertently infected their device with RedLine malware while downloading a pirated version of .NET, a programming framework commonly used for software development.
Hudson Rock emphasized the growing significance of credentials acquired through info-stealer infections as an initial attack vector for cybercriminals. These stolen credentials provide easy entry points into organizations, opening the door to potential data breaches and ransomware attacks. The cybersecurity firm routinely analyzes data obtained from such info-stealers, which have also been observed stealing login credentials for hacker forums.
In response to the breach, an Airbus spokesperson provided a statement to SecurityWeek, explaining, "Airbus has launched an investigation into a cyber event during which an IT account associated with an Airbus customer has been attacked. This account was used to download business documents dedicated to this customer from an Airbus web portal."
The spokesperson further stated, "Immediate remedial and follow-up measures were taken by our security teams to prevent our systems from being compromised."
This breach underscores the necessity for organizations to remain vigilant and invest in robust cybersecurity measures to safeguard their data and systems against increasingly sophisticated cyber threats. It also serves as a stark reminder that cybersecurity is a shared responsibility, with employees and their behavior playing a critical role in the overall security posture of an organization.
A data breach is a situation in which information security has failed, enabling sensitive data of any kind to be accessed by unauthorized individuals despite whatever protections were in place. Data breaches have become a particular concern in recent years because such stolen data is often subsequently distributed widely, especially on the dark web, where it is often aggregated and sold for illicit activity, identity theft, or further cyberattacks of various kinds.