Security sources have found that the European aerospace giant Airbus has been hit by a series of cyberattacks by hackers who targeted the company's suppliers in search of technical secrets, with suspicions the attack is linked to China.
Two security sources involved in the investigation claim there have been four major attacks on Airbus within the last 12 months. The company has long been considered an attractive target to cybercriminals because of its cutting edge technologies and work as a strategic military supplier.
The group admitted in January to a security incident that had resulted in unauthorized access to company data but has just recently been targeted through its suppliers - a sign that hackers are sniffing our weaknesses in the supply chain.
Cybercriminals targeted Rolls-Royce, French technology supplier Expleo, and two other French contractors working for Airbus that AFP could not identify. Airbus and Rolls-Royce did not reply to AFP's request for comment and Expleo would neither confirm nor deny that it had been the target of a cyber attack.
An anonymous source told AFP that the attack against Expleo was spotted at the end of 2018, but the group's system had been compromised well before then. "It was very sophisticated and targeted the VPN which connected the company to Airbus," the source said.
Airbus suppliers sometimes operate in a VPN linking them with colleagues at the plane-maker.
The other cyber attacks used the same methods, with the first incident detected at a British subsidiary of Expleo, formerly known as Assystem, as well as Rolls-Royce, which supplies engines for Airbus planes.
Sources claim the hackers have shown interest in technical documents linked to the certification process for different parts of the Airbus aircraft. Documents have been compromised related to the engines of the Airbus military transport place A400M. This particular aircraft has some of the most powerful propeller engines in the world.
Hackers have also shown interest in the propulsion systems for the Airbus A350 passenger jet and its avionics systems that control the plane.
No sources were able to identify the perpetrators of the attacks since hackers are known to use tools to disguise their tracks or leave clues meant to throw the investigation off course and blame someone else. That being said, it's suspected Chinese hackers are responsible, given their history of stealing sensitive commercial information.
Several sources believe a group of hackers linked to the Chinese Communist Party, known as APT10, are behind the attacks since Engines and avionics are "areas in which Chinese research and development is weak". But another source pointed to a group of Chinese hackers known as JSSD who focus specifically on the aerospace industry.
These attacks show just how vulnerable Airbus is to intrusions through its global supplier network and the real value of its technology to foreign countries. It's important for companies to focus on investing in their own security foundation, but it's also important to make certain your suppliers and business partners are taking security just as seriously. If one member has weak security standards, you both are bound to suffer.
You can learn about NNT's continuous Real-Time Breach Detection solution by visiting our website