A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers.
The European aerospace giant said it has launched an investigation into the incident.
“As a major high-tech and industrial player, Airbus is also a target for malicious actors,” it noted in a statement.
“Airbus takes cybersecurity seriously and continuously monitors activities on its IT systems, has solid protection tools, skilled cyber experts and associated processes to protect the company by taking immediate and appropriate measures as and when needed.”
A threat actor known as “USDoD,” claiming to work as part of the Ransomed ransomware group, posted the breached data to the BreachForums site, according to cyber-intelligence firm Hudson Rock.
Read more on Airbus supply chain attacks: Airbus Suppliers Hit in State-Sponsored Attack
Personal information associated with 3200 Airbus vendors such as Rockwell Collins and Thales Group was apparently featured in the data dump – including names, addresses, phone numbers and email addresses.
The threat actor’s claim that this had come from “employee access from a Turkish Airline” was confirmed by Hudson Rock.
“The computer belongs to an employee of Turkish Airlines and contains third-party login credential details for Airbus. The victim likely attempted to download a pirated version of the Microsoft .NET framework, as indicated in the malware path,” it explained.
“Consequently, they fell victim to a threat actor utilizing the commonly employed RedLine info-stealing family.”
Worryingly, USDoD has hinted that more victims in the aerospace industry may soon suffer the same fate, including US defense contractors Lockheed Martin and Raytheon.
The threat actor was previously thought to be responsible for compromising the FBI’s InfraGard information-sharing network.
Samantha Humphries, senior director of international security strategy at Exabeam, argued that tabletop exercises, credential monitoring and breach response planning are necessary to help mitigate supply chain risk.
“Realistically, security leaders must play a part in due diligence discussions around supplier risk, but also implement processes and monitoring to ensure they can detect and respond to supply chain attacks,” she added.
“This is ultimately part of the cost of doing business, and should be seen as a business enabler, as well as a key focus from a risk and compliance perspective.”