Airbus suffers data leak turbulence to cybercrooks' delight

Ransomware group nicked info from employee of airline, say researchers

Aerospace giant Airbus has fallen victim to a data breach, thanks in part to the inattention of a third party.

Israel-based cybercrime intelligence company Hudson Rock published evidence of the breach, later partially confirmed by Airbus.

According to Hudson Rock, a cybercriminal known as "USDoD" posted the personal information of 3,200 Airbus vendors on a hacking forum. Despite USDoD announcing their membership of the "Ransomed" ransomware group, the leak appeared to be a simple data dump.

Unusually for a cyber baddie, USDoD also explained how access had been obtained. In this instance, it was by exploiting employee access from a Turkish airline, according to researchers.

The team were able to use this information to trace the access back to a Turkish computer infected with info-stealing malware in 2023. Researchers then provided evidence that the computer "belongs to an employee of Turkish Airlines and contains third-party login credential details for Airbus."

An attempt to download an unauthorized version of the Microsoft .NET framework was blamed for the infection, which resulted in the installation of info-stealing malware on the victim's computer.

Airbus told The Register that it had launched an investigation, noting that an account associated with an Airbus customer had been attacked, although it did not confirm the identity of the customer. It said: "This account was used to download business documents dedicated to this customer from an Airbus web portal."

It went on: "Immediate remedial and follow-up measures were taken by our security teams to prevent our systems from being compromised."

The company told us that its position as "a major high tech and industrial player" made it a target for attack.

It added: "Airbus takes cybersecurity seriously and continuously monitors activities on its IT systems, has solid protection tools, skilled cyber experts and associated processes to protect the company by taking immediate & appropriate measures as and when needed."

We have asked Turkish Airlines for comment.

Be that as it may, the data breach is embarrassing and, since sensitive information may have been leaked, potentially bad news for the vendors involved.

The attacker claimed that Lockheed Martin and Raytheon could be the next targets.

The breach is a reminder of the threat posed by info-stealer malware. It highlights that regardless of how strong an organization's security might be, lax practices on the part of a partner, vendor or link in its supply chain can give attackers a potentially easy entry point. ®
