Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Leak Data Stolen From Jet Maker Bombardier

Just as the cybercriminals behind the Clop ransomware operation made public information supposedly stolen from Canadian business jet manufacturer Bombardier, the company confirmed suffering a data breach.

Just as the cybercriminals behind the Clop ransomware operation made public information supposedly stolen from Canadian business jet manufacturer Bombardier, the company confirmed suffering a data breach.

In a Thursday statement, the jet maker revealed that an unauthorized party was able to access and steal data by exploiting a vulnerability in “a third-party file-transfer application.” While the company did not say which third-party software was compromised, the general characteristics of the incident suggest it was Accellion’s FTA service.

A 20-year-old file sharing service set to be retired on April 30, FTA was recently targeted in a cyber-attack that affected up to 100 Accellion customers, out of a total of 300 that were still using the application at the time of the attack.

These include Australian health and transport agencies, U.S.-based law firm Jones Day, and grocery and pharmacy chain Kroger. The attacks, security researchers with FireEye say, appear linked to the TA505 spin-off FIN11.

The threat actors behind the attack on Accellion’s software have been sending extortion emails to organizations affected by the incident, threatening to share the stolen data publicly on the “CL0P^_- LEAKS” Tor website.

With data pertaining to Bombardier emerging on the website and the company disclosing a data breach caused by a third-party application used for file transfer, it’s clear that Accellion’s FTA was responsible for this incident.

“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted,” Bombardier says.

The company also notes that it has launched an investigation into the incident and that law enforcement was informed on the issue. It also claims that only the “data stored on the specific servers” was affected, and that its network was not compromised.

Advertisement. Scroll to continue reading.

“Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application,” Bombardier also says.

In addition to data taken from Bombardier, the attackers behind the Clop operation also leaked information supposedly stolen from Pentair and CSA Group. However, neither of these companies has confirmed a data breach yet.

Related: Over 1 Million Impacted by Data Breach at Washington State Auditor

Related: New Zealand Central Bank Says Accellion Service at Heart of Cyberattack

Related: Australian Corporate Regulator Discloses Breach Involving Accellion Software

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.