Airbus Data Breach Exposes 3,200 Vendors’ Personal Details

  • Written by Shipra Sanganeria, Cybersecurity & Tech Writer

European commercial aircraft manufacturer Airbus confirmed a data breach that exposed sensitive information about its suppliers. The breach is said to have been enabled by info-stealing malware that was delivered through pirated software.

The incident first came to light when Israel-based cybercrime intelligence firm Hudson Rock revealed that a threat actor nicknamed “USDoD” had published the stolen data on the BreachForums website.

The group, which claims to have recently joined the notorious ransomware group “Ransomed,” posted that the published Airbus vendor data included prominent names like Rockwell Collins and Thales Group. The data included details such as the names, email IDs, addresses, and phone numbers of around 3,200 Airbus vendors.

The threat actors allegedly claimed to have infiltrated Airbus’ network via a compromised account of a Turkish Airlines employee. The initial victim’s system is said to have contained third-party login credentials for Airbus.

“The victim likely attempted to download a pirated version of the Microsoft .NET framework, as indicated in the malware path. [..] fell victim to a threat actor utilizing the commonly employed RedLine info-stealing family,” Hudson Rock revealed.

It further went on to say that “credentials obtained from info-stealer infections, which have become the primary initial attack vector in recent years, provide threat actors with easy entry points into companies, facilitating data breaches and ransomware attacks.”

Airbus, on the other hand, launched an investigation into the incident immediately after receiving Hudson Rock’s notification. It also deployed remedial measures to prevent any further damage to its security system.

The hacker “USDoD” is said to be associated with the December 2022 breach and sale of data from the FBI’s information sharing system, “InfraGard,” a database containing details of nearly 80,000 government, business, and military individuals. Moreover, it has also claimed that its potential future targets include defense contractors like Lockheed Martin and Raytheon.

CoinEx Confirms Millions Stolen in Crypto Heist

  • Written by Shipra Sanganeria, Cybersecurity & Tech Writer

In a September 12 announcement, cryptocurrency exchange CoinEx confirmed that it had fallen victim to a crypto heist, resulting in an alleged theft of $53 million.

In a post on its website, the Hong Kong-headquartered company announced that its Risk Control System had “detected anomalous withdrawals from several hot wallet addresses used for temporary storage of user assets on CoinEx exchange.”

After the initial investigation, the company disclosed that the theft was caused by the leakage of a hot wallet private key. This resulted in unauthorized transactions involving Ethereum (ETH), Tron (TRON), and Polygon (MATIC) cryptocurrency.

Although the exact amount is yet to be disclosed by CoinEx, investigations by blockchain security firms PeckShield and CertiK Alert estimate the losses to be a total of $31 million and $53 million, respectively.

In a post on X (formerly Twitter), PeckShield stated that following the theft CoinEx was drained of $19M in Ethereum (ETH), $11.5M in TRON, and $295k in Polygon (MATIC). The remaining $72 million has been transferred to the company-controlled cold wallet for safekeeping.

Furthermore, the exchange platform has taken other precautionary measures, such as rebuilding and redeploying the wallet system, freezing malicious actors’ assets, suspending deposit and withdrawal services for all crypto assets, and performing an emergency closure of the hot wallet server.

These services are expected to resume once the company’s IT security teams ensure that all the incident-related risks are eliminated. It has also published a list of suspicious addresses involved in the incident and urged other exchange platforms and relevant project teams to freeze the movement of funds across these published addresses.

It also assured its customers that their assets were safe: “CoinEx solemnly promises that users’ assets have NOT been, and will NOT be affected in this attack, and the CoinEx User Asset Security Foundation will bear the financial losses from this incident,” the post read. It has also advised its customers to avoid potential asset losses by not making any deposits to their old addresses until CoinEx’s system recovery process is complete.