A hacker claims to have compromised one of Sudan’s few surviving airlines, dumping its internal manuals and security data onto a cybercrime marketplace.
Sudan’s key airline might have suffered a cyberattack. An attacker recently posted on a cybercrime forum, claiming to have 2.21GB of the Badr Airlines data, including controlled internal documents.
According to the claims, the documents date from June to July this year. The threat actor is selling the stash and wants to be paid in cryptocurrencies for the data.
The allegedly compromised data, according to the attacker, includes:
- Flight Dispatch Manuals
- More than 1,400 pages detailing operational policies, pilot training frameworks, and Boeing 737 technical procedures
- The Company Security Program Manual, which contains sensitive information on the airline’s security architecture and threat-response protocols
- A Safety Management System Manual, which outlines the carrier’s safety governance, organizational structure, and executive oversight duties
- Minimum Equipment Lists, which include fleet-level data, complete with aircraft registrations and serial numbers
- Ground Handling and SOP Manuals, which include standard operating procedures for B737 operations and ground-handling workflows
- Station Personnel Data, which includes full contact information for the Kigali station in Rwanda, including the Station Manager’s name, email address, and phone number
To back up their claims, the attacker included a data sample with the screenshot of the Flight Dispatch Manual. It remains unclear if the claims of holding other sensitive documents are true.
“If the claims prove to be true and the threat actor has these other documents, there could potentially be an increase in social engineering attacks, and operational protocols may reveal internal workflows that can be later used for extortion,” the Cybernews research team explained.
Cybernews has reached out to the airlines for a comment, but a response has not yet been received. Badr Airlines is a privately-owned Sudanese airline based in the capital city of Khartoum. The company serves both general transportation services and humanitarian aid.
Despite the near-collapse of much of Sudan’s civil aviation infrastructure after fighting, Badr remains one of the few civilian flight operators.
Established in 2004, the carrier provides domestic, regional passenger, cargo, and VIP charter services, connecting Sudan with countries in the Middle East and Africa. The airline boasts annual revenue of $56 million.
Uneasy times for the aviation sector
This year has been shaky for the aviation sector, which has been hit by major cyberattacks. Just last month, a Russia-related ransomware gang, known as Everest Ransomware, targeted the Spanish airline Iberia.
The gang said the data includes customer names, contact details, birthdates, travel and booking information, masked card data, and marketing profiles. The group also claims it has had “long-term, unfettered access” to all bookings, with the ability to view and edit them.
The company confirmed the incident and sent information to all affected customers. However, it downplayed the impact of the attack.
Another aviation giant, Collins Aerospace, suffered an attack that froze European airports. The company’s MUSE check-in software, which is used by several major European airports to manage check-in and boarding systems, was also targeted by Everest Ransomware.
The group ultimately released 23GB of data allegedly belonging to Collins Aerospace on the dark web.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked