Attackers breached supplier systems to steal Airbus secrets

Industrial espionage via the supply chain. It’s mildly ironic that we are talking about ‘zero trust networks‘ whilst at the same time extending trust to third parties with ineffective security controls…:

[…] Sources within the company revealed to news agency Agence France Presse that the firm now believes it has seen four large-scale attacks through different suppliers, named by the organisation as UK engine manufacturer Rolls-Royce, French tech consultancy Expleo, and two other unidentified companies.

In the named cases, it is alleged that the hackers targeted virtual private networks (VPNs) to gain remote access to systems. The sources claimed their attackers appeared particularly interested in technical documents pertaining to how Airbus components are certified, as well as information on the A350 family of aircraft and another military jet, and suggested this indicated that they likely had links to the Chinese government.

Chinese aviation firm Comac is currently developing a narrow-body twin-engine commercial airliner, the C919, the development and certification of which is behind schedule.

[…]

Original article here