Major aircraft manufacturer suffers ransomware infection and data breach

Commercial aircraft manufacturer Bombardier has revealed that it was the victim of a data breach carried out by the operators of the Clop ransomware, who exploited a critical zero-day vulnerability in its systems to extract sensitive information. Bombardier is one of the most important companies in its field, with more than 16,000 employees worldwide.

Just a few days ago, Clop operators published on their website a set of files allegedly stolen from Bombardier’s systems, including plans for some aircraft and flight test reports. Just hours after this incident, the company issued a statement confirming that some sensitive data may have been compromised due to the compromise of a file transfer platform.

CLOP HACKING GROUP RANSOM NOTE

“After an initial investigation we discovered that an unauthorized actor managed to access this platform in order to extract information through the exploitation of a vulnerability; this system is isolated from our main network,” Bombardier’s report says. In an email shared with some security firms, the company adds that the service compromised by hackers is Accellion FTA, a file transfer application that has been the subject of multiple attacks for a couple of months.

Bombardier acknowledges that threat actors managed to extract sensitive information belonging to employees, customers and suppliers: “The incident has affected some of our employees, mainly in Costa Rica.” The company has been in contact with all affected parties since the incident was detected, mainly to assure them that Accellion’s servers are isolated from the company’s core networks.

Accellion, new favorite target of ransomware groups

Accellion FTA is a file transfer service that was developed 20 years ago and is widely popular with public and private organizations around the world. In December 2020, a hacking group managed to exploit a zero-day flaw in this application to access information stored on the servers of companies using Accellion.

Although the updates required to fix this flaw were released, hackers had already managed to compromise the servers of an undetermined number of vulnerable organizations. As for the Clop ransomware group, experts mention that these hackers began attacking implementations of Accellion FTA to encrypt their systems and steal sensitive information. Among the victims of this hacking group are organizations such as Singtel, Jones Day and ABS Group. It is still unknown whether Clop is a ransomware-as-a-service (RaaS) platform or operates as a hacking group, although it is a fact that they have become one of the most relevant security threats of early 2021.