Airbus Cyber Attack Connected to Turkish Airlines Account Breach

Data allegedly stolen from Airbus, a leading aviation and aerospace component manufacturing company, has been leaked on the dark web. The hacker, who goes by the name USDoD, disclosed samples of the stolen data on a hacker forum. The compromised information includes details from Airbus vendors, such as names, addresses, phone numbers, and more.

Airbus is a European multinational aerospace corporation known for its manufacturing of commercial aircraft and its separate divisions for defense, security, and space products and services. The Cyber Express reached out to Airbus via email to inquire about the data breach and is awaiting their response for further updates on the incident.

Alon Gal, the Co-founder and CTO of Hudson Rock, a cybercrime intelligence company, was the first to report the Airbus data leak. According to Gal, the hacker claimed to have access to data on 3,200 Airbus vendors. Gal shared screenshots of the breach forum post made by USDoD, highlighting the seriousness of the situation.

In his LinkedIn post, Gal provided some insight into the hacker’s previous activities. He revealed that the hacker was responsible for hacking into the FBI and leaking sensitive Airbus database information. The hacker, who is also a member of the breached forum, disclosed that they gained access to the Airbus website by exploiting an employee’s access credentials.

The targeted employee was from a Turkish airline, and their account was further misused by USDoD to hack several Airbus client accounts. Through a series of account hacks that started with the Turkish airline employee account, USDoD managed to access information such as coverage area, department, first and last name, job title, address, phone, fax, and email of the compromised accounts. The hacker even posted their profile link below the leaked sample data, indicating their malicious intent.

USDoD also mentioned in their post that their next target is “Lockheed Martin, Raytheon, and the entire defense contractors.” This raises concerns about future cyber attacks on major defense contractors and their ramifications.

Alon Gal’s investigation into the claims made by USDoD revealed groundbreaking results. He found that a Turkish Airlines employee account had given third-party access to Airbus systems. The employee was using the thy.com domain, and this access coincided with the timeframe of the Airbus cyber attack. This strongly suggests that this particular account served as the entry point for the hacker to breach Airbus vendors’ data. Additionally, Alon discovered that the employee account had been attacked by an infostealer, which further supports the conclusion that this account was used for the hack.

This is not the first time USDoD has been involved in cyber attacks. They have previously claimed responsibility for the InfraGard cyber attack. InfraGard is a non-profit organization that collaborates with the Federal Bureau of Investigation and the private sector to share intelligence and data. USDoD gained access to InfraGard systems by submitting an account application in the name of a company’s Chief Executive Officer. They used the stolen personal information of the CEO, including their name, Social Security Number, and birthdate, to appear legitimate.

Recently, USDoD has also joined a ransomware group called Ransomed, which raises concerns about their involvement in future cyber attacks and potential threats to organizations’ data security.

It is important to note that this report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users are responsible for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
