Engineering company Bombardier fell victim to a ransomware attack

The Canadian engineering company Bombardier has become the latest victim of the ransomware attack on the Accellion FTA service.

As we said earlier, since December 2020, information security experts have been recording attacks on companies and organizations using the outdated Accellion FTA (File Transfer Application) file-sharing service. FireEye analysts attribute this activity to the FIN11 hacker group and warn that more than 100 companies have already become victims of cybercriminals.

According to the latest data, hackers exploit four vulnerabilities in FTA (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104) and then install the DEWMODE web shell and use it to steal files stored on victims’ FTA devices. After that, the attackers blackmail the victims, demanding a ransom and threatening to leak the stolen information into the public domain.

Interestingly, the stolen data is published on a website owned by the operators of the Clop ransomware, but not a single machine has been encrypted on the networks of the affected companies. That is, they all became victims of hacking and classic extortion, not a ransomware attack.

According to Accellion, out of approximately 300 FTA clients, “fewer than 100” were attacked, and among them, fewer than 25 were affected by data theft. FireEye clarifies that some of these 25 customers are being blackmailed, and hackers are demanding a ransom from them.

Earlier this week, it became known that the next victim of this campaign was the Canadian engineering company Bombardier, whose data has already been published on the Clop website.

“The investigation showed that unauthorized individuals gained access and stole data by exploiting a vulnerability affecting a third-party file transfer application that ran on special servers isolated from the main Bombardier network,” the manufacturer said in a statement.

The company also said that personal and other confidential information concerning Bombardier employees, customers and suppliers was compromised: at least about 130 employees in Costa Rica were affected.

Worse, the media have already found, among the data published by the hackers, various design documents for aircraft and aircraft parts manufactured by Bombardier. For example, journalists at the British publication The Register managed to identify, on one of the leaked CAD drawings, the Leonardo Seaspray 7500E military radar system, produced by the military contractor Leonardo.

This radar is installed on GlobalEye reconnaissance aircraft based on the Global-6000, which are supplied to the United Arab Emirates, as well as on C-130 Hercules aircraft, which are used by the US Coast Guard.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
