"Pirated Software Likely Cause of Airbus Breach"

According to security researchers at Hudson Rock, a major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software.  The European aerospace giant said it has launched an investigation into the incident.  The researchers stated that a threat actor known as “USDoD,” claiming to work as part of the Ransomed ransomware group, posted the breached data to the BreachForums site.  Personal information associated with 3200 Airbus vendors, such as Rockwell Collins and Thales Group, was apparently featured in the data dump, including names, addresses, phone numbers, and email addresses.  The threat actor’s claim that this had come from “employee access from a Turkish Airline” was confirmed by the researchers.    The researchers stated that the computer belongs to an employee of Turkish Airlines and contains third-party login credential details for Airbus.  The victim likely attempted to download a pirated version of the Microsoft .NET framework, as indicated in the malware path.  The researchers noted that they consequently fell victim to a threat actor utilizing the commonly employed RedLine info-stealing family.  Worryingly, USDoD has hinted that more victims in the aerospace industry may soon suffer the same fate, including US defense contractors Lockheed Martin and Raytheon.
 

Infosecurity reports: "Pirated Software Likely Cause of Airbus Breach"