Airbus has released a statement saying that they have been the victim of another cyber-attack, marking the fourth time in the past twelve months that the company has had to disclose information such as this. Trying to steal trade secrets and proprietary information from the company, hackers attacked the third-party companies that Airbus uses, such as Roll-Royce engine manufacturers and their supply company, Expleo. By attacking the VPN that Expleo used, attackers managed to get into their network. The VPN they managed to attack also connected Expleo employees to Airbus, which made it easy for the attackers to gain access to the information they were looking for from Airbus. This type of attack method was used in other attacks targeting Airbus in the past. These attacks into Airbus have not been credited to any person or group and it was not disclosed if they managed to steal any information, but the type of information that is being targeted is typically sought-after by nation-state actors. Companies that deal with this type of technology and trade secrets will always be targeted by attackers trying to steal sensitive information.
Third-party companies will always be one of the biggest risks to a company. When dealing with sensitive information it is more imperative than ever to make sure everything is locked down. Though a VPN, in this case, would seem like a safe option, there is no guarantee that the company that is accessing yours through a VPN has the best security practices on their end.