Airbus has launched an investigation after a hacker leaked data allegedly stolen from the French aerospace big’s techniques.
Cybercrime intelligence agency Hudson Rock reported on Tuesday {that a} hacker who makes use of the net moniker ‘USDoD’ claimed earlier this month on a cybercrime discussion board that they’d hacked Airbus.
The identical hacker beforehand claimed to have breached the FBI’s InfraGard database, which shops data on 80,000 individuals, together with enterprise leaders, IT professionals, and navy, regulation enforcement, and authorities officers.
The hacker, who just lately introduced becoming a member of an rising ransomware group, apparently obtained the non-public data of three,200 individuals related to Airbus distributors, together with Rockwell Collins and Thales. The compromised information consists of names, job titles, addresses, e mail addresses, and cellphone numbers.
The attacker mentioned they’d gained entry to Airbus techniques utilizing a compromised account belonging to an worker at a Turkish airline. Airbus confirmed to Hudson Rock that this was certainly the assault vector.
The cybersecurity agency’s investigation confirmed that the hacker obtained the focused airline worker’s credentials for Airbus techniques with the help of malware.
Data-stealing malware collects huge quantities of credentials from contaminated computer systems, and the malware operators then promote these credentials to others. On this case, Hudson Rock decided that the worker doubtless received their system contaminated with RedLine malware after downloading a pirated model of .NET.
“Credentials obtained from info-stealer infections, which have turn into the first preliminary assault vector lately, present risk actors with simple entry factors into firms, facilitating data breaches and ransomware assaults,” Hudson Rock mentioned.
The security agency frequently analyzes information obtained by such info-stealers, which have additionally been noticed stealing hacker discussion board credentials.
In an announcement offered to information.killnetswitch, an Airbus spokesperson mentioned, “Airbus has launched an investigation right into a cyber occasion throughout which an IT account related to an Airbus buyer has been attacked. This account was used to obtain enterprise paperwork devoted to this buyer from an Airbus net portal.”
“Fast remedial and follow-up measures had been taken by our security groups to forestall our techniques from being compromised,” the spokesperson added.