Data allegedly from the Aviation and Aerospace Component manufacturing leader, Airbus, was leaked on the dark web. A hacker going by the name USDoD posted samples of data they stole from the Airbus cyber attack.
The compromised information includes details from Airbus vendors, such as names, addresses, phone numbers, and more, which were publicly posted on a hacker forum.
Airbus, the European multinational aerospace corporation, is known for the manufacturing of commercial aircraft with separate divisions for defence, security, and space products and services.
The Cyber Express reached out to Airbus via email to inquire about the data breach involving their clients. We will provide further updates on this report once we receive their response.
Details About the Airbus Cyber Attack
Alon Gal, Co-founder and CTO at the cybercrime intelligence company Hudson Rock, first posted about the Airbus data leak. The hacker allegedly has access to 3,200 Airbus vendor data, he stated.
Giving a glimpse of the previous acts of the hacker behind the Airbus cyber attack, Alon wrote, “Hacker Behind FBI Hack Leaks Sensitive Airbus Database (And how it was avoidable).”
The hacker, who is also a member of the breached forum, known as USDoD, claimed that they obtained access to the Airbus website by exploiting an employee’s access credentials.
That employee was from a Turkish airline, whose account was further misused by USDoD to hack several Airbus client accounts. USDoD managed to access the following data through a series of account hacks that began with the Turkish airline employee account:
- Coverage area
- Department
- First and last name
- Job title
- Address
- Phone
- Fax
The hacker posted their profile link below the leaked sample data from the Airbus cyber attack. Following this, they made a mention of their next hack victim – ‘Lockheed Martin, Raytheon, and the entire defense contractors.’
Airbus Data Breach: Gaining Access Through an Employee Account
“USDoD reveals how they gained access to the data by accessing the Airbus credentials of a Turkish Airlines employee,” Alon noted in his LinkedIn post addressing the Airbus cyber attack.
“It’s worth noting that threat actors typically refrain from revealing their intrusion techniques, making this disclosure exceedingly rare,” he further explained.
Alon conducted a thorough investigation into the claims, leading to groundbreaking results. He examined the found data through services offered on the Hudson Rock Computer and Network Security platform as part of his research.
He found that a Turkish Airlines employee account was found to have given third-party access to Airbus systems. The employee was using the thy.com domain. This access was nearly the same time frame of the Airbus cyber attack making way to believe that this was the account used to hack Airbus vendors.
Moreover, Alon found that the employee account suffered an attack by an infostealer. “This is almost certainly the access that was used for the hack,” Alon concluded.
Previous Attack by USDoD the Hacker
The hacker was found claiming another hack on the hacker forum as shown in the screenshot of the forum above. Cybersecurity researcher Brian Krebs posted the above screenshot from the hacker forum.
USDoD claimed the InfraGard cyber attack. InfraGard is a non-profit organization that works with the Federal Bureau of Investigation and members of the private sector to effectively maintain the sharing of intelligence and data.
Brian initiated contact with USDoD in an attempt to gather further details regarding the 2022 InfraGard data leak. Surprisingly, the hacker responded by revealing that they had accessed InfraGard systems by submitting an account application in the name of a Chief Executive Officer of a company.
They used all stolen data of the CEO including their name, Social Security Number, birthdate, and other personal information which increased their chances of looking legitimate to InfraGard, which they did.
USDoD also recently joined another ransomware group, Ransomed.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.