

Ransomware Gang Extorts Bombardier With Data Stolen from Accellion FTA

Business jet manufacturer Bombardier is the latest company to be extorted by the Cl0p ransomware gang, which exploited a zero-day vulnerability in Accellion FTA to steal company data hosted on the third-party service. Bombardier is one of the world’s leading business jet manufacturers and has about 16,000 employees, generating approximately $6.5 billion in revenue in 2020. The Cl0p ransomware gang has posted data stolen from the jet manufacturer on its data leak site. The data includes airplane designs, parts schematics, and flight test reports.

Bombardier released a statement: “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.” In subsequent communications, Bombardier confirmed that the file-transfer application referenced is Accellion. This file-sharing program has been involved in several data breaches since December 2020. As part of this incident, the company also states that the attackers have stolen employee, customer, and supplier data.

Accellion FTA is a legacy, 20-year-old file transfer service used by organizations to share sensitive files with people outside of their organization. In December, a threat actor began exploiting a zero-day vulnerability in Accellion FTA devices that allowed the theft of data stored on the servers. Companies leaked on Cl0p’s data leak site include Singtel, Jones Day, Fugro, Danaher, and ABS Group.

Analyst Notes

Users of the Accellion FTA system are encouraged to upgrade to kiteworks, the new version of the software, as Accellion has stated that it is planning the end-of-life of its legacy program due to this recent security breach. Individuals and organizations impacted by this latest breach of the Bombardier systems are advised to contact the company to find out the extent of the incident and to be wary of unauthorized use of their information.
