European aerospace corporation Airbus has suffered a cyber-attack by unknown hackers who targeted its suppliers to steal Airbus’s technical and commercial secrets. The hackers reportedly tried to break into computer systems of Airbus’s contractors. It’s believed that the attack is linked to Chinese-affiliated threat actors known as APT10, the Agence France-Presse (AFP) reported.
Airbus designs, manufactures, and sells thousands of civil and military aerospace products globally. According to AFP, the attackers targeted supplier Expleo, British engine-maker Rolls-Royce, and two other French contractors who are working for Airbus.
The hackers seemed to be interested in stealing technical documents linked to different parts of Airbus aircraft, including avionics and propulsion systems for the Airbus A350 passenger jet. AFP also stated that hackers also took other documents related to the innovative turbo-prop engines used on the Airbus military transport plane A400M.
Airbus encountered multiple security breaches in the last 12 months. In January 2019, hackers attacked Airbus’s commercial aircraft business information systems, which resulted in unauthorized access to its employees’ personal data. The majority of the accessed information was professional contacts and IT identification details related to Airbus employees in Europe. However, Airbus clarified that there was no impact on its commercial operations and also stated the incident was being investigated by its security professionals.
Airbus notified the data regulatory authorities about the data breach in accordance with the GDPR (General Data Protection Regulation). It also suggested its employees take the necessary precautions to prevent further loss.
“This incident is being thoroughly investigated by Airbus’ experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins. Investigations are ongoing to understand if any specific data was targeted, however, we do know some personal data was accessed. This is mostly professional contact and IT identification details of some Airbus employees in Europe,” Airbus said in a statement.