ANSSI takes a closer look at the threat to the aerospace sector
Earlier this week, the agency published a very detailed report on the various attacks they have targeted at the suppliers of some major European industrialists, particularly at the level of aeronautics.
recalls that towards the end of September, the French News Agency announced that the European aviation giant Airbus had been the target of cyberattacks since the beginning of the year or even before that. Attacks that have focused mainly on it's subcontractors. These computer attacks: "launched through subcontractors" have been repeated and does not seem to be really stopped: "by targeting one or more intermediaries (supplier, provider, etc.), attackers manage to circumvent the security measures of very large organizations, yet increasingly aware of the digital risk (…) compromise of a single intermediary is sometimes enough to gain access to several organizations."
This article will also interest you: Airbus, victim of repeated computer attack
several providers were as a result of his cases arrested and placed under surveillance by the agency for a better apprehension of the case. Among these providers, we have the Altran and Expleo (formerly Assystem). Attacks Airbus suppliers were intended to infiltrate the VPN used by Airbus to make contact with them. It has been revealed that Subcontractors of the European giant aeronautics suffered hundreds of such attacks per day.
The National Information Systems Security Agency (Anssi) noted that those responsible for these cyberattacks aimed to "take a position on the provider networks in order to recover the data, or even access to the networks, of their customers" as well as the content of some of the items that would have been obtained "following the handling of incidents following this pattern of attack". The channel of attack as described by the agency would begin with exploiting "vulnerabilities on services exposed on the Internet and insecure." This is reminiscent of the alert to be launched by the cybersecurity structure Cert-FR last summer regarding the vulnerability of the various servers on which the data of these companies targeted by cyber criminals were usually hosted. Moreover, the hackers behind these various attacks often allow themselves to use traditional phishing techniques by sending booby-trapped emails.
the report produced by the agency warns anomalies in VPN connections: " users connecting to corporate VPNs from an exit node public VPNs are anomalies." As a result, the National Security Agency training systems will try to guide teams of security researchers to the paths to be followed to combat the vulnerabilities that could be use the culprits of these intrusions.
The report has not forgotten to mention what the journalists of the French Press Agency had previously revealed. Behind these computer attacks are chinese-born hacker groups consisting of APT-type teams. THIS IS BASED ON THE PROBABILITY OF THE APT 10 HACKERS. Several cybersecurity structures have attempted to confirm this hypothesis, including Microsoft. Context Information Security states that "if involvement ca[d’APT10 ou du ministère de la Sécurité intérieure de la province de Jiangsu]nnot be ruled out, the available evidence suggests that this campaign is the work of a separate group."
Now access an unlimited number of passwords: