Aircraft parts manufacturer FACC AG revealed this week that cybercriminals managed to steal a significant amount of money in a scheme targeting the company’s finance department.
FACC AG is an Austria-based company that provides lightweight composite components for the aeronautics industry, including major manufacturers such as Boeing and Airbus.
The company has reported losing roughly €50 million ($54 million) as a result of criminal activity involving information technology and communications systems. FACC has only shared few details about the incident, but the aircraft parts maker believes the attackers are from outside the company.
The Austrian Criminal Investigation Department has been notified and criminal and forensic investigations have been launched.
The attackers reportedly targeted only FACC’s accounting department — the company said its IT infrastructure and business operations have not been impacted, and there is no evidence that data or intellectual property have been stolen.
“The damage is an outflow of approx. EUR 50 mio of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims,” FACC stated. “All production- and engineering units operate in an unaffected and normal way. An economic threat to the company concerning liquidity does not exist. The management board will decide on further actions after the outcome of the forensic investigations is available.”
Last year, low-cost airline Ryanair lost $5 million as a result of a fraudulent electronic transfer. In Ryanair’s case, the attackers transferred the money to an account in China, but the company worked with banks and authorities and managed to recover it.
Companies large and small are often targeted by financially motivated cybercriminals. In some cases, the attackers use malware to steal money from the target’s bank accounts. However, some fraudsters rely mostly on social engineering and trick their victims into sending the money themselves.
Security blogger Brian Krebs recently presented a case where the accounting director of a Texas manufacturing firm was tricked into sending $480,000 to an account at a Chinese bank. The attackers sent the director a series of emails apparently coming from the company’s CEO, instructing him to send the money to an account they controlled. The victim only became suspicious after the cybercrooks sent instructions for a second payment of $18 million.
These types of scams, known as business email compromise (BEC) scams, have helped cybercrooks make a lot of money. The FBI reported in August 2015 that such incidents had been reported in 79 countries across the world.
Between October 2013 and August 2015, more than 7,000 victims had been recorded in the United States, with losses totaling nearly $750 million. Data from international law enforcement agencies showed that BEC scams resulted in losses of more than 1.2 billion.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April
- US to Adopt New Restrictions on Using Commercial Spyware
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
- Australia Dismantles BEC Group That Laundered $1.7 Million
- ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
- Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks
- GitHub Rotates Publicly Exposed RSA SSH Private Key
