VPNs Used by Airbus Suppliers Hacked; Attackers Were After Aerospace Giant’s Sensitive Data

02 Oct

According to recent reports, a major European aerospace giant, Airbus, has been hit by an entire series of hacking attacks. The attackers did not target the company directly, but instead, they approached it by targeting the VPNs of its suppliers.


Airbus under a series of attacks

Airbus has been a rather tempting target for hackers around the world for a number of reasons. Like all major aerospace giants, the company uses advanced technologies that the attackers are interested in. In addition, the company is also a military supplier, as well as one of the largest commercial plane makers in the world.

All of this combined made Airbus very attractive to attackers, who have been trying to break through its defenses for at least a year. During this time, the firm was targeted as many as four times. The company’s officials admitted that Airbus suffered a security incident earlier this year, in January.

Back then, the company suffered a data breach, although sources familiar with the incident stated that it was part of a significantly larger hacking campaign that mostly took place back in 2018.

As mentioned, the hackers found an alternative way of hacking the company: rather than targeting it directly, they went through different routes. One of these routes led through Rolls-Royce, which is partnered with Airbus and acts as the engine maker for the firm. Rolls-Royce is not the only one. According to available sources, the attackers tried to access Airbus’ sensitive data through other contractors, including the France-based tech supplier known as Expleo, as well as at least two other French firms, which remain unknown.

According to those familiar with the attacks, they appear to have been rather sophisticated. Additionally, the hackers seem to have started this campaign a long time ago. The attack on Expleo is known to have happened in late 2018, although some anonymous sources claimed that the company had been compromised even earlier than that. However, there is little doubt about the real target of the attacks, and it all seems to point towards Airbus.


Hackers chose an indirect approach

The attackers were, apparently, mostly focusing on the VPN technology used by these contractors. Typically, a VPN is used to protect its user's privacy, grant them anonymity, and hide their activities online. The increased levels of security and privacy that come from the use of this technology make it attractive to major companies that use it to communicate in a secure way.

This is an often-used method for discussing business while ensuring that the company’s secrets are not intercepted. However, companies also use this technology to provide their contractors with remote access to their systems. This is the case between Airbus and Expleo, as well as Rolls-Royce, and others that were targeted.

Allegedly, Airbus’ own defenses were too strong to overcome, while these partner firms were easier to crack. As Airbus’ suppliers, Expleo and other firms held certain technical documentation regarding Airbus, the certification processes for different parts of its planes, and the like. The hackers then targeted the aerospace giant’s partners and stole this sensitive information.

Apparently, the stolen data also includes documents regarding the engines of the Airbus A400M, which is actually not a commercial plane, but a military transport aircraft.


Attackers have yet to be identified

While the attacks are being investigated, neither security researchers nor the authorities have revealed which party is responsible for them. As always, there are certain suspicions, most of which presume that Chinese hackers are to blame, especially since their efforts to breach the security of various companies and steal their sensitive data are well known.

For now, however, there is not enough evidence to support these claims, which is why none of them have been made publicly at this time. Even so, groups like JSSD or the state-backed APT10 are currently the main suspects.

