According to recent reports, a threat actor has compromised the confidential information of 3,200 Airbus vendors. The exposed data includes sensitive details such as names, phone numbers, and email addresses.
In addition, the perpetrator behind the recent attack announced their intention to target Lockheed Martin and Raytheon in upcoming attacks. The actor, known as “USDoD,” had previously sold the FBI’s sharing system database, InfraGrad, in December 2022.
From “Breached” Forum to “BreachForum”
“USDoD” posted the sale of the InfraGrad database in the formerly renowned “Breached” forum in December 2022, which was pursued by the FBI, resulting in authorities’ seizure of the domain.
After this, threat actors, including “USDoD,” needed a platform for selling stolen data, forming “BreachForums.” In September 2023, the threat actor posted two threads in the BreachForums with two statements.
One thread mentioned that USDoD has been officially a member of the “Ransomed” ransomware group responsible for attacking most companies during September 2023. The second thread was much more enjoyable about the Airbus data leak.
Origin from Turkish Airline Employee
According to information shared with Cyber Security News, the source of this breach can be traced back to an employee of a Turkish airline who had obtained an illegal copy of a Microsoft .NET framework. This ultimately led to the spread of the RedLine malware, which is designed to collect sensitive information without the user’s knowledge or consent.
Threat actors gained access to the credentials from the affected system and used it for the initial attack vector.
Other reports indicate that info-stealer infections have surged 6000% since 2018, which points them out as the primary attack vector threat actors adopt in executing cyberattacks.
A complete report about the cyber attack has been published, providing detailed information about the attack vector, origination, and other information.
It is recommended that organizations make sure about the restrictions of unauthorized software downloads by their employees and prohibit the use of pirated software in Organisational assets.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.