Data allegedly from the Aviation and Aerospace Component manufacturing leader, Airbus, was leaked on the dark web. A hacker going by the name USDoD posted samples of data they stole from the Airbus cyber attack.
The compromised information includes details from Airbus vendors, such as names, addresses, phone numbers, and more, which were publicly posted on a hacker forum.
Airbus, the European multinational aerospace corporation, is known for the manufacturing of commercial aircraft with separate divisions for defence, security, and space products and services.
The Cyber Express reached out to Airbus via email to inquire about the data breach involving their clients.
In response to the inquiries, a Media Relations Manager at Airbus issued the following statement:
“We are investigating information concerning a cyber event involving Airbus. As a major high-tech and industrial player, Airbus is also a target for malicious actors.”
Airbus takes cybersecurity seriously and continuously monitors activities on its IT systems, has solid protection tools, skilled cyber experts, and associated processes to protect the company by taking immediate & appropriate measures as and when needed. The event is under investigation so we cannot comment further at this stage.”
Details About the Airbus Cyber Attack
Alon Gal, Chief Technology Officer at cybercrime firm Hudson Rock, first posted about the Airbus data leak. The hacker allegedly has access to 3,200 Airbus vendor data, he stated.
Giving a glimpse of the previous acts of the hacker behind the Airbus cyber attack, Alon wrote, “Hacker Behind FBI Hack Leaks Sensitive Airbus Database (And how it was avoidable).”
The hacker, who is also a member of the breached forum, known as USDoD, claimed that they obtained access to the Airbus website by exploiting an employee’s access credentials.
When The Cyber Express inquired about how to prevent the account compromise, Alon said, “Monitoring for info-stealer infections is a critical aspect of preventing data breaches like the one experienced by Airbus.”
“By establishing a dedicated team or using a third-party service for continuous monitoring, companies can proactively seek out signs of info-stealer infections,” he added.
That employee was from a Turkish airline, whose account was further misused by USDoD to hack several Airbus client accounts. USDoD managed to access the following data through a series of account hacks that began with the Turkish airline employee account:
- Coverage area
- Department
- First and last name
- Job title
- Address
- Phone
- Fax
The hacker posted their profile link below the leaked sample data from the Airbus cyber attack. Following this, they made a mention of their next hack victim – ‘Lockheed Martin, Raytheon, and the entire defense contractors.’
Airbus Data Breach: Gaining Access Through an Employee Account
“USDoD reveals how they gained access to the data by accessing the Airbus credentials of a Turkish Airlines employee,” Alon noted in his LinkedIn post addressing the Airbus cyber attack.
“It’s worth noting that threat actors typically refrain from revealing their intrusion techniques, making this disclosure exceedingly rare,” he further explained.
Alon conducted a thorough investigation into the claims, leading to groundbreaking results. He examined the found data through services offered on the Hudson Rock Computer and Network Security platform as part of his research.
He found that a Turkish Airlines employee account was found to have given third-party access to Airbus systems. The employee was using the thy.com domain. This access was nearly the same time frame of the Airbus cyber attack making way to believe that this was the account used to hack Airbus vendors.
Moreover, Alon found that the employee account suffered an attack by an infostealer.
“The victim likely attempted to download a pirated version of the Microsoft .NET framework, as indicated in the malware path. Consequently, they fell victim to a threat actor utilizing the commonly employed RedLine info-stealing family,” stated the Hudson Rock blog.
Previous Attack by USDoD the Hacker
The hacker was found claiming another hack on the hacker forum as shown in the screenshot of the forum above. Cybersecurity researcher Brian Krebs posted the above screenshot from the hacker forum.
USDoD claimed the InfraGard cyber attack. InfraGard is a non-profit organization that works with the Federal Bureau of Investigation and members of the private sector to effectively maintain the sharing of intelligence and data.
Brian initiated contact with USDoD in an attempt to gather further details regarding the 2022 InfraGard data leak. Surprisingly, the hacker responded by revealing that they had accessed InfraGard systems by submitting an account application in the name of a Chief Executive Officer of a company.
They used all stolen data of the CEO including their name, Social Security Number, birthdate, and other personal information which increased their chances of looking legitimate to InfraGard, which they did.
USDoD also recently joined another ransomware group, Ransomed.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
