Earlier this week world’s second-biggest aerospace and defence company was attacked by hackers. The hackers intruded its suppliers which are of high value.
Airbus has suffered four major attacks in the last twelve months. AFP reported that the British engine-maker Rolls-Royce and French technology consultancy Expleo are the global suppliers of Airbus which the attackers intruded.
“Previous reporting into recent incidents affecting aerospace and defence have linked this activity to APT10 and JSSD. Though the nature of activity makes attribution challenging our experience of the campaign suggests a new group that we have condemned Avivore,” said Oliver Fay.
Avivore is a previously untracked nation state-level advisory. Avivore is believed to be the conspirator behind the threat against aerospace giant airbus.
Large companies have a very strong shell, and it is too difficult to intrude them so the hackers target smaller companies. “It was very sophisticated and targeted the VPN which connected the company to airbus,” the source said.
Avivore follows a reflective strategy that is an island-hopping method. It attacks suppliers which are of high value in victims chain rather than attacking partners which can be easily removed and replaced in the supply chain- in a ‘horizontal’ way rather than ‘vertical’ one. Expert says “If someone wanted to slow down the production, they can quickly identify the critical suppliers, the single sources which are unique in their role.”
The group appears to operate in the UTC+8 time zone and exploits the PlugX remote access Trojan, which has been used extensively by ATP10.
“It is very sophisticated and targeted the VPN which connected the company to Airbus,” the source said.
Airbus supplier sometimes operates using VPN, linking them with colleagues at the plane-maker. Avivore intrudes the supplier’ network through VPNs and other working tools. Precautions must be taken by imposing access limitations on supplier and partner usage of VPN, by preventing use outside business hours, restrictions on data and assets.
You may be interested in reading: EX – YAHOO EMPLOYEE SNEAKS INTO 6000 ACCOUNTS FOR SEXUAL CONTENT