Airbus under attack! Industrial espionage by means of Supply Chain Attack?

(By Alessandro Rugolo)
09/02/19

Let's start from the facts.

30 January 2019: Airbus issues a press release announcing that it has suffered a cyber attack; specifically, the incident concerns the commercial part of the company and involved unauthorized access to company data. The release also states that there is no impact on Airbus's commercial operations.
Airbus, let's remember, is a European company based in the Netherlands, active in the production of aircraft, space and defense systems, and helicopters. Its activities also include cyber defense, both for internal use and for its customers.
The statement goes on to say that the incident is being examined by the company's experts, who have taken all necessary steps to reinforce existing security measures, mitigate the potential impact and identify the source of the attack. The company states that the analysis also aims to understand whether specific data was targeted; in any case, personal data was accessed, mainly professional contacts and IT references of Airbus employees in Europe.

The 30 January press release ends with the customary sentence about regular contact with the relevant authorities, including the data protection authorities, and with the assurance that Airbus employees have been advised to take all necessary precautions as they continue their activities.

The press picks up the case a few days after the announcement. On 4 February the newspaper "Challenges" reports that, according to concordant statements (from public sources and sources close to the company), the modus operandi used in the attack is similar to that employed by a cyber group operating from China. It seems that the goal was to get hold of technical documents related to aircraft certification. The attack scheme used is in fact similar to that of APT 10, although probably more sophisticated.

It seems that the attack started in December and was directed at one of Airbus's suppliers, before moving on to the real target.
Naturally, the attribution is based on clues; proving it will be a very different matter.

We note that the share price has not been affected (at least apparently) by what happened.
In any case, what happened shows once again how dangerous a supply chain attack is: an attack conducted against a third party, usually a sub-supplier of the true target, with little or no cyber defenses.

To learn more:
- https://www.airbus.com/newsroom/press-releases/en/2019/01/airbus-stateme...
- https://www.challenges.fr/entreprise/transports/cyberattaque-contre-airb...
- https://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believ...
- https://www.fireeye.com/current-threats/apt-groups.html#apt10
- https://www.cshub.com/attacks/articles/incident-of-the-week-airbus-repor...
- https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-c...
