Posted on February 25, 2021 at 10:08 PM
A recent report reveals that hackers have leaked details of a military spy plane from Bombardier, the Canadian company, on the dark web. The report stated that the company was asked for a ransom, but the hackers decided to expose the data after the company refused to pay. Bombardier recently announced that it was a victim of a cybersecurity breach.
The data was posted on the darknet by CL0P^_- LEAKS and seems to show mechanics and specifications for the GlobalEye control and early warning platform, developed by Saab, the Swedish defense company.
The screenshot of the files posted on the darknet shows a schematic picture of the GlobalEye radar defense system attached to Bombardier’s private jet.
Employees’ and customers’ information breached
The breached data also included personal information about employees, suppliers, and customers of the company.
“[...] personal and other confidential information relating to employees, customers, and suppliers were compromised,” the firm stated.
GlobalEye is a surveillance platform that provides fast and accurate coverage over wide areas of land and long distances. It gives users the ability to quickly start transmission to other surveillance areas.
The GlobalEye website says it has numerous customers from various countries using its products. These include Sweden, United Arab Emirates, Thailand, Pakistan, Greece, Brazil, and Mexico.
Both Bombardier and GlobalEye have been contacted for comment about the hacking incident. Bombardier has not responded to questions or commented on Clop’s breach of the plane’s schematics, although it has released a general statement about the hack.
However, the details posted on Clop’s site include corporate documents such as parts schematics and flight test reports, which were also compromised and stolen.
Both companies have engaged law enforcement and various security outfits to commence an investigation into the breach. The investigation shows that the hackers had unauthorized access to the data stored on specific servers.
However, a press release by Bombardier revealed that customer support and manufacturing operations were not affected by the breach.
The company also revealed that the hacking incident affected about 130 employees in Costa Rica. It has started contacting stakeholders, including employees and customers, who were impacted by the hacking incident.
It is not clear whether the hackers have released the entire data set or whether more data is being held for future use by the hackers.
Bombardier has confirmed that the hackers were able to compromise its server through a vulnerable Accellion FTA file transfer app. The app enables businesses to transfer large files securely.
Clop’s website was set up in March last year to publish breach data from victims that refused to pay the ransom amount. The Clop leaks became popular after the hacking group breached Accellion’s FTA.
Several firms have been affected by the Clop ransomware breach, including the Jones Day law firm that represents former President Donald Trump.
Other organizations recently compromised through FTA include Colorado University, the Australian Securities and Investments Commission, and the Reserve Bank of New Zealand.
Bombardier not specifically targeted
Bombardier has also stated that it wasn’t the direct target of the attack since other companies use the same Accellion software that was affected.
FireEye stated that the ‘CL0P^_- LEAKS’ site has added more breached files since February. It also shows that the site has increased its number of visitors, with over 20 thousand journalists, competitors, hackers, and IT experts visiting since the beginning of the month.
The cybercriminal group FIN11 seems to be behind a series of ransomware campaigns.
According to cybersecurity firm FireEye, FIN11 has previously released breached data from a Clop ransomware attack on the .onion site.
But the most recent attack by the gang didn’t show any use of ransomware. The signatures of FIN11 were also not seen in the attack.