Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Leak Data Stolen From Jet Maker Bombardier

Just as the cybercriminals behind the Clop ransomware operation made public information supposedly stolen from Canadian business jet manufacturer Bombardier, the company confirmed suffering a data breach.

Just as the cybercriminals behind the Clop ransomware operation made public information supposedly stolen from Canadian business jet manufacturer Bombardier, the company confirmed suffering a data breach.

In a Thursday statement, the jet maker revealed that an unauthorized party was able to access and steal data by exploiting a vulnerability in “a third-party file-transfer application.” While the company did not say which third-party software was compromised, the general characteristics of the incident suggest it was Accellion’s FTA service.

A 20-year-old file sharing service set to be retired on April 30, FTA was recently targeted in a cyber-attack that affected up to 100 Accellion customers, out of a total of 300 that were still using the application at the time of the attack.

These include Australian health and transport agencies, U.S.-based law firm Jones Day, and grocery and pharmacy chain Kroger. The attacks, security researchers with FireEye say, appear linked to the TA505 spin-off FIN11.

The threat actors behind the attack on Accellion’s software have been sending extortion emails to organizations affected by the incident, threatening to share the stolen data publicly on the “CL0P^_- LEAKS” Tor website.

With data pertaining to Bombardier emerging on the website and the company disclosing a data breach caused by a third-party application used for file transfer, it’s clear that Accellion’s FTA was responsible for this incident.

“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted,” Bombardier says.

The company also notes that it has launched an investigation into the incident and that law enforcement was informed on the issue. It also claims that only the “data stored on the specific servers” was affected, and that its network was not compromised.

Advertisement. Scroll to continue reading.

“Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application,” Bombardier also says.

In addition to data taken from Bombardier, the attackers behind the Clop operation also leaked information supposedly stolen from Pentair and CSA Group. However, neither of these companies has confirmed a data breach yet.

Related: Over 1 Million Impacted by Data Breach at Washington State Auditor

Related: New Zealand Central Bank Says Accellion Service at Heart of Cyberattack

Related: Australian Corporate Regulator Discloses Breach Involving Accellion Software

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

More People On The Move

Expert Insights