InfoSecBulletin Cybersecurity for mankind
The recent data breach at Airbus was caused by an info-stealer called RedLine, which was most likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant has announced the initiation of an investigation regarding the incident.
In a statement, it was emphasized that Airbus, being a major player in the high-tech and industrial sectors, is a prime target for malicious individuals. Airbus prioritizes cybersecurity and consistently monitors its IT systems. They have strong protection tools, experienced cyber experts, and established processes to promptly and effectively protect the company as necessary.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
ALSO READ:
DDoS Attacks at 633.7 Gbps Combining ACK, PUSH, RESET, and SYN Packets
According to Hudson Rock, a cyber-intelligence firm, a threat actor known as “USDoD” and allegedly associated with the Ransomed ransomware group, has shared the breached data on the BreachForums site. The personal information of 3200 Airbus vendors, including Rockwell Collins and Thales Group, was exposed in a data dump. This information includes names, addresses, phone numbers, and email addresses.
Hudson Rock has confirmed the claim made by the threat actor that this originated from an employee’s access at Turkish Airlines. The computer is owned by a Turkish Airlines employee and holds important login credentials for Airbus, provided by third parties.
The explanation provided states that the victim apparently made an attempt to download an illegal version of the Microsoft .NET framework, as indicated in the path of the malware.
As a result, they became victims of a threat actor who used the widely used RedLine info-stealing family. There is a concerning hint from the USDoD that the aerospace industry could potentially face more victims, including renowned US defense contractors like Lockheed Martin and Raytheon. Previously, it was believed that the individual responsible for infiltrating the FBI’s InfraGard information-sharing network was the threat actor.
Samantha Humphries, a senior director at Exabeam, said that to reduce supply chain risk, it is important to carry out tabletop exercises, monitor credentials, and plan for breach response. “Security leaders have a crucial role to play in due diligence discussions regarding supplier risk. Moreover, they should establish and oversee processes and monitoring systems to effectively detect and respond to supply chain attacks,” she emphasized.
This is a necessary expense for businesses and should be seen as something that helps businesses operate effectively and comply with regulations.
