
Airbus Hacked: Aircraft Giant Discloses Data Breach

Investigation Underway After Attack Compromises Employee Details

Aerospace giant Airbus says it suffered a hack attack leading to a data breach.


"Airbus SE detected a cyber incident on Airbus 'Commercial Aircraft business' information systems, which resulted in unauthorized access to data," the company says in a statement issued on Wednesday. "There is no impact on Airbus' commercial operations."

Airbus, the world's second largest aviation and aeronautics business after Boeing, says it is continuing to investigate the intrusion. The company is headquartered in Leiden, Netherlands, although its main civilian airplane business is based near Toulouse, France. The company's and manufacturing facilities are spread across the EU - in France, Germany, Spain and the U.K. - with other facilities in China and the United States.

Airbus has 129,000 employees and reported 2017 revenue of €59 billion ($67.8 billion).

The company's investigation continues. "This incident is being thoroughly investigated by Airbus' experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins," the company says.

So far, the aerospace giant says it doesn't have a complete tally of all of the information that attackers might have accessed.

"Investigations are ongoing to understand if any specific data was targeted, however we do know some personal data was accessed," Airbus says. "This is mostly professional contact and IT identification details of some Airbus employees in Europe."

The EU's General Data Protection Regulation requires businesses that store Europeans' personal data to notify relevant authorities within 72 hours of learning about a data breach. Airbus says that it is "in contact with the relevant regulatory authorities and the data protection authorities pursuant to the GDPR."

The company has not stated how attackers might have gained access to its systems, although security experts say the majority of intrusions trace to spear-phishing attacks, for which IT personnel are often a target (see: Nation-State Spear Phishing Attacks Remain Alive and Well).

"Airbus employees are being advised to take all necessary precautions going forward," the company says.

Brexit Warning

One potential culprit behind the Airbus hack: politically motivated hackers.

The company has recently been raising the hackles of pro-Brexit groups in the U.K. Branding the U.K. government's approach to Brexit a "disgrace," Airbus has threatened to pull out of the U.K. if the country fails to secure a deal with the EU before its exit from the European Union, which is scheduled to occur on March 29.

"If there is a no-deal Brexit, we at Airbus will have to make potentially very harmful decisions for the U.K.," Airbus CEO Tom Enders said in a video released on Jan. 24.

Airbus UK employs 14,000 in the U.K. Brexit could have a major impact on the Airbus wings factory at Broughton, Wales, which employs 6,000, as well as on the 3,000 employees in Filton, southwestern England, where wings are designed and supported. Another 110,000 supply chain jobs depend upon the company's operations.

During the 2016 EU referendum in the U.K., Filton voted 51.2 percent to remain while Broughton voted 51.3 percent to leave. Countrywide, 51.9 percent of voters opted to leave the EU.

Enders said that the U.K. aerospace sector "stands at the precipice" because of continuing uncertainty over how the U.K. plans to exit the EU.

Lucrative Targets

Aerospace and defense firms, however, have long been targeted by hackers not for political purposes, but because of the value of their intellectual property.

In 2014, the FBI accused three Chinese nationals of hacking into Boeing and other military contractors to steal trade secrets on aircraft.

Hackers were inside Boeing's network for at least a year before being discovered, and stole plans for the C-17 transport and Lockheed Martin's F-22 and F-35 fighter jets, among other information, according to court documents (see: Hacker Steals Joint Strike Fighter Plans in Australia).

In March 2018, meanwhile, Boeing said it had suffered a "limited" malware outbreak and that production and deliveries weren't affected. The Seattle Times reported that Boeing was hit by WannaCry, and it's not clear if the attack was targeted or whether it might have simply resulted from a mistake, such as a contractor connecting an infected laptop to Boeing's network (see: Boeing Confirms 'Limited' Malware Outbreak).

Pitty Tiger

Separately, a July 2014 report from the cybersecurity team at what was then known as the Airbus Defense and Space group documented an APT-style campaign run by a group of attackers, who appeared to be Chinese, that it dubbed Pitty Tiger.

The attack group mostly targeted victims based in Europe. Airbus declined to name them, except to say that there was one each from the defense, energy, telecommunications and Web development sectors, and that some of the attack emails were written in French.

Investigators have not said if Airbus itself was one of the targets. But they did say the group didn't appear to be a nation-state hacking team (see: Report: Mercenaries Behind APT Attacks).

"Pitty Tiger is probably not a state-sponsored group of attackers," the Airbus report says. "They lack the experience and financial support that one would expect from state-sponsored attackers. We suppose this group is opportunistic and sells its services to probable competitors of their targets in the private sector."

About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
