Airbus reports data leak exposing third party suppliers

The European aerospace corporation, Airbus is investigating potential data breach indicating that an attacker actor had disclosed sensitive information about 3,200 of the company's suppliers, with this data purportedly being available on the dark web.

The incident came to light after an individual, operating under the alias "USDoD," shared their intrusion into an Airbus web portal on BreachForums. This access was allegedly achieved by compromising the account of an employee affiliated with a Turkish airline.

The hacker claimed to possess an extensive database containing details of numerous Airbus vendors, encompassing critical information such as

• names,
• physical addresses,
• phone numbers,
• email addresses.

An Airbus spokesperson confirmed that the company was actively investigating the breach. The breach involved an IT account linked to an Airbus customer, which had been employed to access and download specific business documents from an Airbus web portal. In response to this security incident, Airbus implemented remedial measures to safeguard its systems from further compromise.

The identity and motives of the threat actor are unknown. The individual, suspected to be connected to a previous breach of the FBI's InfraGard system in December 2022, publicly disclosed the stolen information without making any explicit demands. The actor also claimed affiliation with a relatively new ransomware group named "Ransomed."

Update - investigation of the incident concludes that the computer belongs to an employee of the Turkish airline whose account was breached had malware likely due to a pirated version of the Microsoft .NET framework. That malware stole the Airbus credentials