
A Russia-linked ransomware group has claimed responsibility for an attack on the European aviation firm Avcon after publishing alleged internal documents on the dark web, raising fresh concerns about aviation security.
- Qilin ransomware group claimed an attack on Avcon Jet, an Austrian business aviation company with over €250 million in annual revenue, publishing alleged internal documents on its dark web leak site.
- Highly sensitive data was exposed, including employee passports and CVs, aircraft maintenance work orders, export airworthiness certificates, training records, and the company's own cyber incident response plan.
- Exposed maintenance documents could reveal recurring aircraft issues, and leaked incident response plans give attackers a blueprint to bypass Avcon's defenses in future attacks.
- Employees whose passport data and personal records were exfiltrated are now prime targets for identity theft and social engineering.
Avcon Jet, one of Europe's major business aviation companies, has landed on a Russia-linked ransomware site on the dark web. The Qilin gang has claimed responsibility for exfiltrating internal company data.
Avcon Jet is an Austrian private aviation company specializing in business jet management and charter flights, operating across Europe and internationally. The company generates over €250 million in annual revenue.
The threat actor published a series of sample images allegedly taken from Avcon’s systems, showcasing what appears to be highly sensitive operational and personnel documentation. The provided data samples included sensitive customer information, such as:
- Passport pictures and CVs of Avcon employees
- Aircraft maintenance work orders
- Applications for Export Certificate of Airworthiness, a document that certifies that an aircraft being exported to another country meets its design requirements
- Employee training completion documents
- Cyber incident response plan documents
Data theft could result in operational disruptions
If authentic, the exposed data could carry both personal and operational risks for the company and its staff. Staff whose data was exfiltrated are at higher risk of identity theft and social engineering attacks.
Cybersecurity researchers note that the leaked documents extend beyond typical corporate data exposure and into areas that may directly impact aviation safety workflows and internal security procedures.
“The company might face more targeted cyberattacks that bypass incident response measures since these are exposed. Also, exposed maintenance documents could increase operational security risks since they could reveal recurring issues related to a particular aircraft,” Cybernews researchers noted.
Cybernews has reached out to Avcon for a comment, but a response has not yet been received.
Qilin – Russia-linked attackers
First identified in 2022, Qilin operates as a ransomware-as-a-service (RaaS) model. This means that the gang’s affiliates can deploy its malware and leverage Qilin’s negotiation infrastructure in exchange for a cut of ransom payments.
In January, the gang claimed breaches of Tulsa International Airport, the Italian diving gear brand Cressi, as well as luxury faucet-maker Moen.
The group escalated in the following months by targeting critical infrastructure and major corporations, including Airbus and Boeing aerospace supplier LISI Group, Malaysia Airlines, a US power provider, Tennessee Valley Electric Cooperative, and a German political party, Die Linke.
High-profile claims in 2025 included Japan's Asahi Holdings, digital gaming giant International Game Technology (IGT), Korea’s SK Group, US newspaper group Lee Enterprises, Nissan Japan's design arm, Creative Box, and Scientology.
Hackers are eying the aviation sector
The previous few months have been quite intense for airlines, as multiple threat actors have targeted them worldwide. Just recently, the UK's biggest operator, British Airways, had its data allegedly stolen and posted on a hacker forum. The attackers claimed they had exfiltrated data from pilot and crew members.
Last year, in June, attackers claimed access to Cyprus Airways’ passenger data and internal systems. In the same month, a suspected ransomware attack disrupted Hawaiian Airlines' operations.
By autumn, the Cl0p ransomware gang, infamous for the MOVEit carnage, was back breaching American Airlines through its regional carrier Envoy Air.
A separate attack on Collins Aerospace disrupted operations at European airports, with check-in and boarding systems down at Heathrow, Brussels, Berlin, Dublin, and Cork.
Spanish carrier Iberia also confirmed a data breach that exposed customer information. In 2026, Qilin ransomware targeted Malaysia Airlines, potentially stealing passengers’ data.