Canadian aircraft manufacturer Bombardier has become the latest victim of a campaign targeting customers of a legacy file transfer application, it revealed yesterday.
Bombardier claimed that an unauthorized third party exploited a vulnerability in the software to steal sensitive data from the firm.
“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted,” it explained.
“Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised. The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers.”
Although Bombardier did not name the offending software, it’s likely to be the Accellion FTA product. Attackers have been breaching Accellion customers since Christmas 2020 when the New Zealand central bank was hit.
However, some of those targeted are finding that stolen data is being uploaded to a dark web site in a presumed bid to extort the companies. According to FireEye, the site has previously been used by the Clop ransomware gang in double-dip extortion attempts.
Data from Singtel and US law firm Jones Day, which denies it was breached, are said to be on the underground site.
FireEye yesterday claimed in a new report that the group behind the attacks shares some similarities with the notorious FIN11 cybercrime gang.
An update from Accellion yesterday revealed that fewer than 100 of the 300 corporate users of FTA have been affected by the campaign, and “fewer than 25 appear to have suffered significant data theft.”
Bombardier said it had notified the appropriate authorities, including law enforcement.