Atlas Air attackers warn Boeing intellectual property at risk in suspected supply chain hack


One of the world’s largest cargo airlines, Atlas Air, has been claimed as a victim by a prominent ransomware cartel. The attackers’ post about the breach hints at a larger supply-chain attack targeting the American aerospace industry. Atlas Air denies its systems were penetrated.


Atlas Air's name recently appeared on a dark web forum controlled by the Everest ransomware cartel. According to the attackers, they managed to syphon 1.2 terabytes of data from the major cargo airline, exposing sensitive technical data, including information on Boeing aircraft.


One of the largest operators of Boeing 747s, Atlas Air is among the top cargo airlines on the planet. The company’s last reported revenue before going private was $4.5 billion, with a staff of over 4,000.

In a response to Cybernews, Atlas Air denied that the company had faced a data breach. However, we received no comment regarding the data attackers shared on the dark web.

“Thank you for your email. There were no breaches to our system,” an Atlas Air representative said.

Meanwhile, the Cybernews research team investigated Everest’s post. According to our team, the attackers did not attach any data samples, only providing screenshots of the allegedly stolen data. Ransomware gangs often save samples for later if the company refuses to pay the ransom.

Sample of the allegedly stolen data. Image by Cybernews.

The team noticed a wide variety of technical data, including maintenance documents and repair reports for various aircraft, including Boeing models. Other data that the gang claims to have includes repair and logistics documents, as well as internal operational company documents.

“Interestingly, we noticed a screenshot mentioning Malaysia Airlines, a company which does not seem to be directly connected to Atlas Air, making the addition look somewhat out of place,” our researchers said.

Everest is targeting similar companies


A couple of days after Everest claimed Atlas Air, the gang claimed another American aerospace company, Tsunami Tsolutions. The latter outfit offers engineering support and information solutions for companies in the aerospace industry.

We have reached out to Tsunami Tsolutions and will update this article after we receive a reply.

Our team also investigated the attackers' post on Tsunami Tsolutions, noting that the attackers again added only screenshots of the allegedly stolen data.

Post on the dark web forum. Image by Cybernews.

However, the information is similar to what was included in the Atlas Air post, including aircraft maintenance documents, parts catalogues, screenshots of what could be internal company software, and details on Atlas Air and United Airlines aircraft.

Unlike with Atlas Air, attackers specifically noted they took confidential information about Boeing aircraft from Tsunami Tsolutions. It’s worth noting that ransomware cartels often include major clients and their data to spook victims into paying, out of fear of losing key partners.

American aerospace industry under attack?

Since both companies were posted days apart, the team believes there is a possibility that the two alleged data breaches could be connected.

Boeing, Atlas Air, and Tsunami Tsolutions appear to be involved in the same supply chain, with Atlas Air serving as an airline, Boeing as an aircraft supplier, and Tsunami Tsolutions specializing in aerospace materials and custom components.

“This could’ve been one larger attack that targeted both Atlas Air and Tsunami Tsolutions, to gain more leverage in the ransom negotiations. However, at this point, it is not clear which company may have been the weak link,” our team explained.


Exposing sensitive maintenance and technical data can have long-lasting effects on all parties involved. For example, if attackers chose to destroy maintenance reports, airlines could face operational delays over fears that malfunctions had been overlooked.

Another risk is losing intellectual property. Researching and engineering aircraft takes years and billions of dollars in investment, and competitors could obtain valuable insights from the leaked documents.

The attackers behind the alleged Atlas Air and Tsunami Tsolutions data breaches call themselves Everest. The gang is among the most notorious cyber cartels currently operating. Believed to be linked to Russia, the Everest gang first emerged in July 2021.

Recently, Everest targeted the major information management company Iron Mountain, the multinational electronics giant ASUS, the Japanese auto manufacturing giant Nissan, and the fast food giant McDonald’s in India.

Updated on February 12th [02:55 p.m. GMT] with a statement from Atlas Air.

