Canadian aircraft manufacturer Bombardier acknowledged it recently suffered a cybersecurity breach following an attack from Clop ransomware gang.
Bombardier, who supplies aircraft for several defense solutions, said a certain amount of data had been extracted and posted on the dark web.
While the company did not specifically confirm, the leak is being connected with an attack on a number of companies using vulnerable file-transfer software from Accellion.
According to reports, the leaked data appears to include information on the airborne early warning & control aircraft (AEW&C) offered by Swedish defense contractor Saab. The AEW&C combines Saab’s Erieye extended range radar and other sensors with the ultra-long range Global 6000 aircraft from Bombardier.
“Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised,” Bombardier said.
The company noted that it was not specifically targeted, saying the vulnerability impacted multiple organizations using the application.
Marshall Aerospace and Defence Group, a UK-based defense technology company, confirmed that some of its data was also compromised.
“We have been made aware by Bombardier of a serious cyber security incident and are naturally disappointed that this has resulted in some material we provided to them as part of a joint project being published on the Dark Web,” a company statement read.
Security firm Fire Eye said that several weeks after delivery of a DEWMODE web shell that enabled the extraction of vulnerable data, victims began to receive extortion emails from an actor claiming association with the CLOP ransomware team.
