FBI hacker leaks Airbus data, threatens Lockheed and Raytheon

Airbus vendor data was posted on a popular English-language forum by supposedly the same attacker who infiltrated the FBI’s data-sharing network in 2022.

The attacker, who goes by the moniker “USDoD,” said they accessed European aerospace giant Airbus’ site by exploiting employee access from a Turkish Airline.

“This month, I got access to Airbus site using employee access from some Turkish airline, and this got me inside of a lot of stuff, plus their vendors' data, 3,200 records. It is their entire vendors’ data,” the attacker said.

Airbus leak
Attackers post on a hacker forum. Image by Cybernews.

The leaked data supposedly includes Airbus vendors’ sensitive data such as names, addresses, phone numbers, email addresses, job titles, departments, and other information.

The attacker said they would proceed to target US defense contractors such as Lockheed Martin and Raytheon.

Cyber-intelligence firm Hudson Rock investigated the alleged leak and discovered that the “USDoD” infected computer, in fact, belonged to an employee of Turkish Airlines and contained third-party login credential details for Airbus.

“Airbus’s CERT team was able to determine that the hack originated from the infected computer Hudson Rock identified,” researchers said in the report.

The device was likely infected after the victim tried downloading a pirated version of the Microsoft .NET framework containing a RedLine info-stealer, which allowed attackers to obtain the credentials.

Interestingly, “USDoD” updated the original post about the Airbus leak, apologizing to US citizens for uploading information on an aerospace company on September 11th.

Late last year, an attacker using the same name posted an ad on a now-defunct hacker forum offering to sell the database of the FBI’s file-sharing system “InfraGard.”