Airbus investigates data leak allegedly involving thousands of suppliers

The European aerospace giant Airbus said on Tuesday that it is investigating a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web.

A threat actor using the moniker "USDoD" posted Monday on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee. The hacker claimed to have details on thousands of Airbus vendors, including names, addresses, phone numbers and emails, according to a report from Hudson Rock.

Airbus spokesperson Philippe Gmerek confirmed to Recorded Future News that hackers breached an “IT account associated with an Airbus customer” and that the company was investigating the incident. This account was used to download business documents dedicated to this customer from an Airbus web portal, the company said.

“Immediate remedial and follow-up measures were taken by our security teams to prevent our systems from being compromised,” Gmerek told Recorded Future News in an email.

According to the Hudson Rock, the threat actor — who appears to be linked to a December 2022 breach of the FBI’s InfraGard system — posted the leaked information publicly without making any demands. Few details are known about the threat actor or their motivations, but they have said they are a member of the relatively new ransomware group known as “Ransomed.”

Aerospace companies are regularly targeted by hackers for the sensitive data and technology they hold. Last week, the FBI, U.S. Cyber Command and the Cybersecurity and Infrastructure Security Agency warned that multiple nation-state hackers exploited two vulnerabilities to target an unnamed aerospace company this year.

In 2019, Airbus experienced a series of cyberattacks directed at its suppliers from hackers who were after commercial secrets. China was the main suspect at that time, although the country repeatedly denied involvement in hacking.