Posted on September 29, 2019 at 7:41 AM
Hackers Compromise Airbus Networks Through Supplier VPNs
Aerospace firm Airbus has recently suffered a string of cyberattacks by malicious actors trying to get hold of top-secret data. The attackers’ modus operandi was to target the Virtual Private Networks (VPNs) used by the firm’s suppliers.
In the last year, the European multinational aerospace corporation has been hit by four different hacking events. Because it often draws on and implements innovative technologies that are fairly attractive to hackers, Airbus is one of cybercriminals’ favorite targets. The company is not only among the biggest manufacturers of large planes in the world, but it also supplies military aerospace equipment.
Back in January, Airbus conceded that it had been hit by what it called an incident, in which malicious actors gained unauthorized access to critical information about the company. However, researchers and specialists stated at the time, and reiterated afterward, that the multinational firm was actually the primary target of a much bigger attack, planned out over most of last year.
Targeting Third-Party Contractors and Suppliers
While trying to steal the company’s valuable information, the bad actors attempted to target Rolls Royce, one of the primary suppliers of engines to Airbus, and Expleo, another supplier of technology equipment based in France, as well as other European contractors.
The hackers’ strategy of trying to reach Airbus’ data and information through third-party collaborators and suppliers proved successful to some extent, as the cybercriminals managed to breach Expleo.
The attack on Expleo was spotted near the end of 2018. However, a source with knowledge of the matter, who preferred to remain anonymous, told AFP that the firm’s systems and servers had been breached long before that.
In fact, the source revealed that the hackers managed to compromise the Virtual Private Network that Expleo used to connect with Airbus and keep all communications encrypted.
VPNs are known for their use as privacy protectors in online settings and interactions. They can mask the user’s browsing patterns and activities from snoopers, spies, government surveillance, and even Internet Service Providers (ISPs).
Remote Access to Servers and Corporate Networks
However, it is no secret that VPNs are also used by firms all around the world to provide remote access to third-party suppliers and providers, which was the case with Expleo, Rolls Royce, and other contractors known for being associated with Airbus.
The suppliers, four in total, use VPN resources to enter collaboration platforms and corporate networks from remote locations. It is fair to say, then, that these are not the personal VPN products that are usually deployed, but enterprise offerings.
Enterprise VPN solutions are notoriously easier to hack and compromise than regular ones, as DEVCORE recently disclosed some exploitable vulnerabilities in them, prompting users everywhere to patch and update as needed.
The problem is that numerous companies around the world haven’t yet updated their solutions, so they remain vulnerable to breaches and attacks. It is not certain that the corporate VPNs used by Airbus, Expleo, Rolls Royce, and the other contractors had not been updated, but it remains a possibility.
Trying to Access Details About the Certification Process
Various sources have reported that the cybercriminals attacked Airbus’ suppliers while trying to obtain specific, critical technical documents related to the certification process for several parts of Airbus’ aircraft.
Other documents were also taken, most notably those related to the engines of the Airbus A400M, a military transport aircraft, which may prompt authorities not to rule out the possibility of the attacks being tied to a nation-state.
At the time of writing, the identities of those who performed the attacks haven’t yet been revealed. However, many in the cybersecurity community suspect that Chinese criminals may be behind the whole operation because they have stolen crucial data in the past.
While there is no conclusive evidence to support the theory, many believe that APT10 and/or JSSD, two highly recognized Chinese hacking associations, are responsible for the hacking events.