- Airbus suppliers targeted by Chinese hackers who were after valuable corporate secrets.
- The weak link in the security was proven to be enterprise VPN solutions which were compromised.
- The infiltrators managed to steal several documents, after launching four cyber attacks over a year.
Airbus reports that their network of suppliers has been hit by a series of cyberattacks. The actors targeted the aerospace company’s suppliers, trying to get their hands onto valuable data like commercial and engineering secrets. Reportedly, there’s a suspicion that links Chinese actors to these attacks, which is consistent with the cyberespionage that is launched by state-supported actors in the Asian country. Airbus is generally a pioneer in the field and has been since a very long time now.
According to the information that surfaced, the two contractors that were targeted were Rolls-Royce and Expleo, while there are another two the names of whom haven’t been disclosed. Rolls-Royce develops and builds engines for Airbus aircraft, while Expleo is a technology, quality, and management consultant firm that works with Airbus. Both entities are considered key partners of the aircraft manufacturer, so they were not randomly picked by the actors. The companies affirm four individual attack waves hitting them over the last year, while the main channel of compromise was reportedly the VPN tools that were used to access the Airbus corporate network.
The four suppliers are using VPN tools to access their collaboration platforms and corporate networks remotely, so we’re not talking about the “usual” protect your privacy VPN tools here, but enterprise solutions. As we’ve seen recently, these types of VPNs are not immune to compromise. DEVCORE researchers have uncovered exploitable flaws in them and urged the world to update their products to plug any holes. However, many companies have still not updated their solution, and so they remain vulnerable. We have no way of knowing if the two stories are connected, but it’s possible given the time that these attacks took place at.
All that said, the attacks had limited success. Reportedly, the hackers obtained technical documents that concern certification processes for aircraft parts, as well as engine schematics relevant to the Airbus A400M engine. This is a recent military transport model which was introduced only six years ago. As it happens, China is also in the midst of problems certifying their Comac C919, which is planned for market launch in 2021. As it also happens, the engines and avionics systems of the C919 are its most substandard elements, so they could use some unofficial and unauthenticated help from Airbus as it seems.