Canadian airplane manufacturer Bombardier acknowledged in a press released Tuesday, February 23, 2021, that it had suffered from a limited cybersecurity data breach. The threat actors posted some of the mined information on a data leak site on the dark web.
The Clop ransomware gang was reportedly responsible for the data breach. According to Bleeping Computer, the hackers were able to exploit a zero-day vulnerability found on a third-party file-transfer application.
In a press release, Bombardier said, “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.”
While the company did not name the application, Accellion has since issued a statement on the incident. In a statement, the content firewall provider said, that it “has identified UNC2546 as the criminal hacker behind the cyberattacks and data theft involving Accellion’s legacy File Transfer Appliance product.”
ZD Net states that Accellion FTA is a web server that companies use to host and share large files.
Following the disclosure of the cybersecurity incident, Bombardier states that around 300 of its customers were found using the Accellion FTA servers in question. Of this number, ZD Net reports that 100 customers have been attacked by the threat actors, while around 25 customers have had their data compromised and stolen.
Among the data made vulnerable by the attackers in the data breach include “personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted.”
With the compromised information obtained by the Clop ransomware gang, the attackers proceeded to extort money from the company by uploading the said data on the dark web.
Besides issuing a press release to the public, Bombardier said that it had already notified the relevant authorities, including law enforcement agencies, forensic professionals, and cybersecurity experts. The authorities in question assured that the security controls in place were already enough to limit the security data breach.
In addition, the Canadian airplane maker has also taken to notifying affected parties, including customers and stakeholders alike, about the incident.
As for Accellion, the company urges its customers to move over to kiteworks, the enterprise division on the content firewall platform. The firm also assured its users that it has provided the necessary patch for the flaws exploited in the hacking incident by the ransomware group.
