Data Security Incident at Sierra Lobo (SLI), a US Aerospace Engineering Firm

February 23, 2024

Despite patching a vulnerability in a remote access tool, Fremont, Ohio-based Sierra Lobo, Inc. (SLI) suffered a data security incident that the company believes began before it applied the mitigation.

“Based upon the forensic investigation, this cybersecurity incident commenced through the exploitation of a vulnerability in our remote access tool, ScreenConnect. Despite the immediate application of a patch addressing the identified vulnerability, subsequent investigations suggest that the system remained compromised, indicating that the initial breach occurred prior to the patch application.”


Continental Aerospace Discloses Cyberattack

February 20, 2024

Continental Aerospace is under cyberattack, according to its website. The engine manufacturer recently posted a website banner announcing that it is experiencing an ongoing cyberattack which is impacting operations at its Mobile, Alabama headquarters.

The important notice posted on 20 February reads: “Continental US operations were recently impacted by a cyber incident affecting daily operations based in Alabama. Continental is actively engaged with a team of experts who are working to resolve the issues as quickly as possible and expects to resume full operations soon.”

Continental has not said when the cyberattack will end, nor how disruptive the event has been to its daily operations. Furthermore, the US engine OEM has not yet said whether a data breach has occurred.



Japan’s Space Agency (JAXA) Hit by Cyberattack

November 29, 2023

Japan’s space agency was hit by cyberattacks, although hackers failed to access sensitive information about rockets and satellite operations, a spokesperson revealed Wednesday (Nov 29). “There was a possibility of unauthorized access by exploiting the vulnerability of network equipment,” the spokesperson at Japan Aerospace Exploration Agency (JAXA) was quoted as saying by Reuters. However, the official declined to elaborate on details, such as when the attack took place.

JAXA learned of the attack after an external organisation conducted an internal audit, according to the spokesperson.

In August, China-backed hackers were held responsible by Japan for a months-long cyberattack campaign, in which Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) was targeted.

A JAXA spokesperson said a detailed investigation into the hacking attempt is under way; who could be orchestrating it was not revealed.


Snatch Claims it Breached Hemeria Group, partner of the French Space Agency CNES

April 18, 2022

The Snatch ransomware group claimed in a post on February 17, 2023, that in 2022 it breached the systems of Hemeria Group, a defense and space systems maker and partner of the French Space Agency CNES. According to the leak site post, the operators of Snatch state they initiated talks with the Palace of Versailles to maintain caution because the company data is considered a state secret.

Cybersecurity researchers have posted about the Hemeria Group data breach with screenshots from the ransomware group’s post.
Hemeria management replied by denying having anything to do with the data that Snatch had. The firm also did not seem to be affected by the data breach news.


Fake GPS Signals in Middle East Lead Multiple Aircraft Astray

November 24, 2023

GPS spoofing from an unknown source in the Iraq-Iran area is causing complete aircraft navigational system failures in some overflying airliners and business jets. GPS spoofing is “the surreptitious replacement of a true satellite signal that can cause a GPS receiver to output an erroneous position and time.”

This novel type of GPS and IRS signal spoofing attack caused over 20 aircraft to suffer complete loss of navigation capability over restricted airspace, and caused unintended divergences in flight paths, in the corridor between Iran and the UM686 airway in NW Iraq. As a result, one bizjet almost strayed into Iranian airspace without clearance. This jeopardized the safety of hundreds of lives. GNSS comms are unencrypted and were never expected or designed to cope with this threat.


Spanish Aerospace Company targeted by North Korean Lazarus Gang

September 29, 2023

Hackers connected to a notorious group within the North Korean government launched an attack against an aerospace company in Spain, according to researchers at security company ESET. In a report on Friday, researchers said they discovered a campaign by hackers connected to Lazarus — an infamous group that has stolen billions from cryptocurrency firms over the last two years.

The North Korean ‘Lazarus’ hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown ‘LightlessCan’ backdoor. The hackers utilized their ongoing “Operation Dreamjob” campaign, which entails approaching a target over LinkedIn and engaging in a fake employee recruitment process that, at some point, required the victim to download a file.

Employees of the unnamed company were sent messages on LinkedIn from a fake Meta recruiter and tricked into opening malicious files that purported to be coding quizzes or challenges. When opened, the files infected the victim’s device with a backdoor that would allow the hackers to conduct espionage, according to ESET.


BlackCat Allegedly Attacked Drone Systems Partner of NASA, Airbus

November 1, 2023

Unmanned drone systems maker Autonomous Flight Technologies (AFT) has allegedly fallen victim to a cyberattack orchestrated by the notorious BlackCat ransomware group. The attackers claimed responsibility for the Autonomous Flight Technologies data breach and purportedly sold exfiltrated data to an undisclosed foreign entity.

AFT, recognized for its cutting-edge unmanned drone technology, boasts prominent partnerships with industry giants such as Airbus, NASA, NBC, and Northrop Grumman. As the Autonomous Flight Technologies data breach remains unconfirmed, the industry awaits an official response from AFT while grappling with the broader implications of cybersecurity vulnerabilities in the rapidly advancing field of unmanned autonomous systems.


Boeing Hacked – Lockbit Gang Leaks almost 45 GB of Data Reportedly Stolen.

October 27, 2023

Boeing Co. is assessing a claim made by the Lockbit cybercrime gang that it had “a tremendous amount” of sensitive data it would publish online if Boeing didn’t pay a ransom by November 2.
The hacking group posted a countdown clock on its data leak website with a message saying, “Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline! For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline.”

Two weeks after the claimed attack, Lockbit leaked almost 45 gigabytes of data reportedly stolen.


DDoS Attack at Russian Flight Booking System, Leonardo, Disrupts Airport Operations

September 28, 2023

A Russian flight booking system was hit by a cyberattack on Thursday, causing delays at airports. The incident lasted about an hour and affected the operation of several Leonardo customers, including Russian air carriers Rossiya Airlines, Pobeda and flagship airline Aeroflot. DDoS attacks overwhelm websites with a flood of traffic, making them temporarily unavailable to users.

Leonardo is used by more than 50 Russian carriers and serves around 45 million passengers annually, according to the Russian news agency Interfax.


National Science Foundation Shuts down Telescopes in Hawai’i and Chile

August 1, 2023

A U.S. national center for astronomy was struck with a cyberattack this week that hindered the operations of an observatory in Hawai’i and Chile.

The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory – also known as NOIRLab – published a notice on Tuesday night explaining that the lab had discovered an attempted cyberattack on its systems that morning. The attack forced the “suspension of astronomical observations at Gemini North in Hawai’i.” Located in Maunakea, Gemini North is one of the Gemini Observatory’s two telescopes, with the other in Chile, and is an international science partnership between the U.S., Canada, Chile, Brazil, Argentina and South Korea.

“Quick reactions by the NOIRLab cyber security team and observing teams prevented damage to the observatory. Out of an abundance of caution we have decided to isolate the Gemini Observatory computer systems by shutting them down,” the organization said. Both the telescopes in Hawai’i and in Cerro Pachón, Chile have been shut down as the IT team investigates the incident and “develops the recovery plan in consultation with NSF’s cyber specialists.”

The lab did not say if the incident was a ransomware attack but said it had no impact on the infrastructure of other NOIRLab centers.
