Jet-maker Bombardier confirmed on Wednesday that it had been a victim of a cybersecurity breach on what it described as purpose-built servers, which were isolated from the main Bombardier IT network. Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised, with about 130 employees located in Costa Rica impacted, the company said in its statement.
Bombardier, however, described the attack as “limited.” The company said in its statement that it “was not specifically targeted—the vulnerability impacted multiple organizations using the application,” without naming the application.
The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers, Bombardier said. Manufacturing and customer support operations have not been impacted or interrupted. The Canadian maker also did not release information on what was specifically targeted, or what vulnerability affected multiple organizations using the software.
“Bombardier will continue to assess the situation and stay in close contact with its clients, suppliers and employees, as well as other stakeholders,” the statement added.
An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, according to the company. Bombardier currently operates in over 12 countries, counting its production and engineering sites and its customer support network.
In line with established cybersecurity procedures and policies, Bombardier initiated its response protocol upon detection of the data security incident. As part of its investigation, Bombardier sought the services of cybersecurity and forensic professionals, who provided external confirmation that the company’s security controls were effective in limiting the scope and extent of the incident.
The attack on Bombardier may be an extension of widespread hacking involving Accellion’s file transfer appliance product, according to reports.
Earlier this week, IT services provider Accellion released details that Mandiant, a division of FireEye Inc., had identified UNC2546 as the criminal hacker behind the cyberattacks and data theft involving Accellion’s File Transfer Appliance product. “Some of the published victim data appears to have been stolen using the DEWMODE web shell,” the statement added. Mandiant is tracking the subsequent extortion activity under a separate threat cluster, UNC2582.
Following the vulnerabilities detected in the Accellion File Transfer Appliance, cybersecurity authorities of Australia, New Zealand, Singapore, the U.K., and the U.S. have released a Joint Cybersecurity Advisory. Hackers worldwide have exploited these vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations, including those in the medical, legal, telecommunications, finance, and energy sectors.
Since mid-December, attackers have taken advantage of four vulnerabilities in the Accellion file transfer application, which is used to share files, to target FTA customers. In one incident, an attack on an SLTT organization potentially included the breach of confidential organizational data. In some instances observed, the attacker is believed to have extorted money from victim organizations to prevent public release of information exfiltrated from the compromised Accellion appliance.
On Wednesday, IBM Security X-Force released data showing that manufacturing organizations faced an onslaught of ransomware and other attacks in 2020. The manufacturing industry overall was the second most targeted, having been the eighth most targeted industry in 2019, and was followed by finance and insurance. This is likely to have been driven by the interest that malicious actors have in targeting infrastructure with connections to operational technology (OT).
Likewise, the energy sector jumped from ninth place in 2019 to third place in 2020, further underscoring attackers’ focus on industrial control systems (ICS) incidents and OT-connected organizations last year.