Business jet manufacturer Bombardier is the latest company to be extorted by the Cl0p ransomware gang, which exploited a zero-day vulnerability in Accellion FTA to steal company data hosted on the third-party service. Bombardier is one of the world’s leading business jet manufacturers and has about 16,000 employees, generating approximately $6.5 billion in revenue in 2020.

The Cl0p ransomware gang has posted data stolen from the jet manufacturer on its data leak site. The data includes airplane designs, parts schematics, and flight test reports.

Bombardier released a statement: “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.” In subsequent communications, Bombardier confirmed that the file-transfer application referenced is Accellion. This file-sharing program has been involved in several data breaches since December 2020. As part of this incident, the company also states that the attackers have stolen employee, customer, and supplier data.

Accellion FTA is a legacy, 20-year-old file transfer service used by organizations to share sensitive files with people outside of their organization. In December, a threat actor began exploiting a zero-day vulnerability in Accellion FTA devices that allowed the theft of data stored on the servers. Companies leaked on Cl0p’s data leak site include Singtel, Jones Day, Fugro, Danaher, and ABS Group.