Industrial Cyber Attacks
Transportation
Uncategorized

Targeting Aircraft – Airbus Suppliers Under Fire

September 26, 2019
Critical Infrastructure Protection – A Beginners’ Guide

Chinese hackers are suspected of targeting aircraft manufacturer Airbus’ suppliers for commercial secrets

According to a recent report by international news agency AFP, over the past 12 months European aerospace company Airbus was hit by several cyberattacks. The suspected Chinese hackers allegedly targeted the aerospace vendor’s suppliers for commercial secrets.

There have been four attacks on Airbus suppliers over the last year, according to AFP. One occurred earlier this year in January. In a statement at the time, Airbus said some of its systems were breached in the cyber attack:

“Airbus SE (stock exchange symbol: AIR) detected a cyber incident on Airbus “Commercial Aircraft business” information systems, which resulted in unauthorized access to data. There is no impact on Airbus’ commercial operations.

This incident is being thoroughly investigated by Airbus’ experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins.

Investigations are ongoing to understand if any specific data was targeted, however, we do know some personal data was accessed. This is mostly professional contact and IT identification details of some Airbus employees in Europe.

The company is in contact with the relevant regulatory authorities and the data protection authorities pursuant to the GDPR (General Data Protection Regulation). Airbus employees are being advised to take all necessary precautions going forward.”

Airbus is one of the largest commercial plane manufacturers in the world, holding a number of military contracts.

The company’s targeted suppliers include British engine-maker Rolls-Royce and the French technology consultancy Expleo. The Expleo attack was uncovered at the end of 2018, but according to AFP the company’s system had already been compromised for some time. The hackers apparently targeted the system’s virtual private network (VPN), which allows employees to access company systems remotely.

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

The AFP report speculates that the hackers were interested in technical documents linked to the certification process for different parts of Airbus aircrafts. They stole documents referencing engines of the A400M Airbus military transport plane. The hackers also targeted Airbus’ propulsion systems and avionics systems for its A350 passenger jet.

While AFP’s security sources couldn’t confirm the source of the attacks, they said the hackers resembled several groups linked to Chinese intelligence. Potential suspects include a group of hackers linked to the Chinese Communist Party, known as APT10 and a group of hackers known as JSSD, which are believed to operate under the regional security ministry in Jiangsu.

This wouldn’t be the first time JSSD hackers targeted the aerospace industry. Last October, the United States Department of Justice claimed several JSSD officers were responsible for a hacking operation targeting an engine being developed by U.S.-based General Electric and French aerospace group Safran.

“Chinese intelligence officers and those working under their direction, which included hackers and co-opted company insiders, conducted or otherwise enabled repeated intrusions into private companies’ computer systems in the United States and abroad for over five years,” the Justice Department said in a statement. “The conspirators’ ultimate goal was to steal, among other data, intellectual property and confidential business information, including information related to a turbofan engine used in commercial airliners.”

However China has rejected allegations tying it to the Airbus attacks.  “In recent years, there have been many reports about cyberattacks in the media. In these reports, without any evidence, the parties concerned always pin the label of cyberattack on China and smear China,” foreign ministry spokesman Geng Shuang said at a news briefing on Sept. 27. “The practice is neither professional nor responsible, and even has ulterior motives.”

Rebecca Addison
Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
Enhancing industrial cybersecurity by tackling threats, complying with regulations, boosting operational resilience
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats