-
Cyber thieves claim they hijacked 1.2 terabytes of data from Atlas Air, alongside the technical information of Boeing aircraft.
-
Aerospace supplier Tsunami Tsolutions was allegedly breached days later with similar Boeing data exposure, proposing planned attack on the supply chain.
-
Stolen repair reports and maintenance documents could result in delays in operation and give away huge intellectual property of the aerospace industry.
The Everest ransomware cartel recently posted Atlas Air’s name on a dark web forum. One of the world’s largest cargo airlines just became its latest claimed victim.
According to the hackers who hacked into this giant freight company, they successfully obtained 1.2 trillion bytes (1.2 terabytes) worth of private information from the company, of which a portion is technical data related to the manufacture of Boeing aircraft.
Atlas Air has one of the world’s largest fleets of Boeing 747 cargo aircraft in existence and is one of the world’s leading cargo airlines. Before going private, Atlas Air reported $4.5 billion in revenue with over 4,000 employees.
Atlas Air denied the breach when contacted by the organization. An Atlas Air representative said, “Thank you for your email. Our system had no breaches.” However, the company provided no comment about the data samples attackers shared on the dark web.
What the Hackers Claim They Stole
The research team working with the organization investigated the post of Everest on the dark web. The attackers didn’t attach data samples initially, only producing screenshots of the data they claim to have in their possession. Bad actors often save samples for later if companies refuse to pay.
The team noticed a wide variety of technical data. Maintenance documents and repair reports for various aircraft dominated the collection, including Boeing models. Other data the gang claims to have includes repair and logistics documents, as well as internal operational company files.
Researchers said, “Interestingly, we found a screenshot tagging Malaysia Airlines, even though it has no clear link to Atlas Air, which makes the inclusion appear out of place.”
Second Aerospace Company Hit Days Later
Everest claimed another American aerospace company just days after posting about Atlas Air. The gang’s second target was Tsunami Tsolutions. This outfit offers engineering support and information solutions for companies in the aerospace industry.
The research team investigated the Tsunami Tsolutions post as well. The attackers again resorted to adding only screenshots of allegedly stolen data. However, the information mirrors what appeared in the Atlas Air post: catalogues of parts, documents of aircraft maintenance, screenshots of possibly internal company software, and details on Atlas Air and United Airlines aircraft.
Unlike with Atlas Air, attackers specifically noted they took confidential information about Boeing aircraft from Tsunami Tsolutions. Ransomware cartels often include major clients and their data to lure victims into making a payment, fearing losing major partners.
Signs Point to Coordinated Supply Chain Attack
The team believes there’s a possibility that both alleged data breaches could be connected, since both companies were posted days apart. Boeing, Atlas Air, and Tsunami Tsolutions appear to be involved in the same supply chain. Atlas Air serves as an airline, Boeing supplies aircraft, and Tsunami Tsolutions specializes in aerospace materials and custom components.
The team explained, “This attack could’ve come as one huge hit targeting both Tsunami Tsolutions and Atlas Air, for more leverage in negotiating the ransom. However, right now, it isn’t certain which company may have been the weak link.”
Exposing sensitive maintenance and technical data can have long-lasting effects on all parties involved. If attackers chose to destroy maintenance reports, airlines could encounter delays in operation, fearing potential oversight of a malfunction.
Another risk is losing intellectual property. It takes years of billion-dollar investments to research and engineer aircraft, now competitors could gain leverage over the company due to the leaked files.
The bad group responsible for the alleged Tsunami Tsolutions and Atlas Air data breaches poses as Everest. This group ranks among the top nefarious cyber criminals still on motion. The Everest group, widely believed to be linked to Russia, first emerged in July 2021.
Their growing infamy recently reached new heights when the ransomware gang claimed a historic breach of Iron Mountain, threatening clients worldwide by compromising one of the most sensitive data management firms on the planet.
Everest recently targeted major companies across multiple industries. The key information management firm, Iron Mountain, fell victim to their attacks. The electronics giant popular across nations, ASUS, the Japanese autos giant, Nissan, as well as the fast food leader in India, McDonald’s, all faced breaches from this group as well.
This latest campaign shows the gang’s evolving tactics. The entire supply chain is their focus to put the most pressure on all parties involved and get the maximum amount of money they can from those companies.
This mirrors a growing trend in cybercrime where attackers target manufacturers to reach bigger tech giants, as seen in the recent major tech supply chain breach where Apple and Nvidia data were stolen in a Luxshare ransomware attack.
The aerospace industry now faces major challenges to its supply chains, operational continuity, and the security of critical aviation systems.
