Boeing and Airbus Supplier Hacked By Unknown Criminals

This week, we hear the latest on the FACC AG data breach and the emergence of the Dorkbot malware.

Breach

Boeing and Airbus supplier hacked by unknown criminals

FACC AG, an Austrian company, posted on January 20 that it was the victim of a data breach in which cyber criminals managed to steal 50 million Euros ($55 million) from the company's financial accounting department. This is one of the largest losses from an event of this kind, and FACC AG has already seen a significant drop in its stock price, closing 17% lower.

In a statement, FACC claims that no intellectual property was stolen and that the hack will not affect its operations. An interesting aspect of this hack is that FACC AG's largest investor is a Chinese company, Aviation Industry Corporation, and China is constantly linked with cybercrime and hacking events. FACC AG has reported the attack to Austrian officials and has begun a forensic investigation into the extent of the damage caused.

References: Cyber Hit on China-Owned Boeing Supplier Sends Stock Down 19% | Boeing Supplier Partly Owned by China is Defrauded | Hackers Steal $55 million From Boeing Supplier

Mitigation Strategies:

  • Network traffic analysis to detect data exfiltration
  • 24x7 Security Monitoring to provide anomaly detection
  • Log management could detect the failed login attempts produced by a brute-force attack
  • IDS may detect the attacker's external IP address if it is deemed malicious

Malware

Dorkbot malware steals information in Indian cyberspace.

A new piece of malware has been seen infecting Windows systems and stealing users' sensitive personal data and passwords. The Dorkbot malware propagates through social networking sites and hides from anti-virus solutions by disguising itself as files named cmd.exe, explorer.exe and ipconfig.exe.

Once the malware has infected a system, it can collect system information such as operating system details, user privileges, installed apps, stored passwords, and browser data. The Computer Emergency Response Team of India (CERT-In) has alerted users to Dorkbot's malicious activity and has offered counter-measures to protect systems from infection.
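One defensive check that follows from the disguise described above is to flag any running process that carries one of those system-binary names but does not run from the directory where the genuine binary lives. The script below is an added example, not code from the page or from CERT-In; the expected directories and the sample process listing are assumptions constructed for a default Windows install.

```python
import ntpath
from collections import namedtuple

# Binaries the page names as Dorkbot disguises, mapped to the directories
# where the genuine copy lives. Paths are an assumption about a default
# Windows install (SysWOW64 covers the 32-bit copies), not taken from the page.
KNOWN_SYSTEM_BINARIES = {
    "cmd.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "ipconfig.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "explorer.exe": (r"c:\windows",),
}

# Minimal view of a process-list entry (pid, image name, full image path).
Process = namedtuple("Process", "pid name path")


def is_masquerade(proc):
    """True when the image name is a known system binary but the path is not
    one of the directories the genuine binary is installed in."""
    expected_dirs = KNOWN_SYSTEM_BINARIES.get(proc.name.lower())
    if expected_dirs is None:
        return False  # not a name we track; nothing to compare against
    actual_dir = ntpath.dirname(proc.path).lower()
    return actual_dir not in expected_dirs


def find_masquerades(processes):
    """Return the subset of processes that look like disguised binaries."""
    return [p for p in processes if is_masquerade(p)]


# Constructed sample process listing for demonstration only.
SAMPLE_PROCESSES = [
    Process(412, "explorer.exe", r"C:\Windows\explorer.exe"),
    Process(1180, "cmd.exe", r"C:\Windows\System32\cmd.exe"),
    Process(2044, "ipconfig.exe", r"C:\Users\alice\AppData\Roaming\ipconfig.exe"),
    Process(2310, "cmd.exe", r"C:\Users\alice\AppData\Local\Temp\cmd.exe"),
    Process(2400, "notepad.exe", r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for p in find_masquerades(SAMPLE_PROCESSES):
        print(f"suspicious: pid={p.pid} {p.name} running from {ntpath.dirname(p.path)}")
```

On a live host the same check runs against the output of a process enumerator such as `tasklist /v` or an EDR process feed; user-writable directories like Temp and AppData are the usual places a disguised copy turns up.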

References: Password-Stealing 'Dorkbot' Worm Prowling Indian Cyberspace: CERT-In

Mitigation Strategies:

Top 20 IP Addresses


*IP addresses provided by Recorded Future.