Bombardier, one of the worlds leading manufacturers of business jets, disclosed that it was a victim of a security breach during which attackers gained access and extracted data by exploiting a vulnerability affecting a third-party file-transfer application used in the company’s IT network.
“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted. Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised. The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers,” the Canadian aerospace manufacturer said in a statement. “Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application. Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders.”
While Bombardier did not specify what third-party file-transfer application was affected or what vulnerability was exploited by hackers, it is understood that the attack against the company was part of a broader campaign in which threat actors exploited multiple zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software to gain access and steal data from target organizations.
Researchers at cybersecurity firm FireEye linked the cyber attacks, which began in mid-December 2020, to the cybercrime groups tracked as FIN11, UNC2546, and UNC2582. During the attacks the hackers stole sensitive data from the target systems and then published it on the Clop ransomware gang’s leak site.
This week the Clop ransomware group posted files stolen from Bombardier on their data leak site. The shared data includes design airplane and parts schematics and flight test reports. As per The Register, the leaked data also include a CAD drawing of a Leonardo Seaspray 7500E radar antenna, which is fitted to a number of US and UAE aircrafts.