DALLAS — A threat actor and alleged ransomware operator known as USDoD has leaked data on over 3,000 suppliers of European aerospace manufacturer Airbus.
A report by Security Editor Alex Scroxton from computerweekly.com states that the leak comes from a breach that occurred after an alleged “ransomware operator going by the alias USDoD” gained unauthorized access to Airbus’s systems using a hacked customer account belonging to Turkish Airlines (TK).
Scroxton cites Hudson Rock, a cybersecurity firm, which confirmed that USDoD stole Airbus credentials after a TK employee infected their computer with a prevalent and powerful information-stealing trojan called RedLine.
The cybersecurity firm added that Airbus’s computer emergency response team (CERT) had confirmed to them that this was indeed the attack vector.
Comments from Airbus
An Airbus spokesperson said, “Airbus has launched an investigation into a cyber event during which an IT account associated with an Airbus customer has been attacked. This account was used to download business documents dedicated to this customer from an Airbus web portal.
Airbus also assured that the company’s security teams took “immediate remedial and follow-up measures” to prevent its systems from being compromised.
As a major high-tech and industrial player, Airbus is also a target for malicious actors. Airbus takes cyber security seriously and continuously monitors activities on its IT systems, has solid protection tools, skilled cyber experts, and associated processes to protect the company by taking immediate and appropriate measures as and when needed.Airbus
Exabeam senior director of international security strategy Samantha Humphries sums up the situation: “Supply chain attacks are a breed of insider threat that all organisations need to be planning for, as they are often a much easier route for cyber criminals to penetrate or circumnavigate defences.”
Featured image: Airbus