Cyber Incident Victim: Aeropuerto Internacional de Querétaro
Date: Oct 2023
Location: Mexico
Summary
The Querétaro Intercontinental Airport experienced a cyberattack traced to an employee downloading malware-laden files, prompting engagement with cybersecurity experts to address the incident. Operational systems remained functional with no compromise to safety, and response teams contained the attack. The airport downplayed the significance of any exfiltrated data, describing it as already publicly available. The LockBit ransomware gang claimed responsibility for the breach, threatening to leak stolen information, though airport officials maintained operational continuity and notified relevant authorities.
Description
On October 30, 2023, Aeropuerto Internacional de Querétaro (AIQ) confirmed via social media that it was responding to a cyberattack, engaging external experts to address the incident while maintaining normal system operations. The airport emphasized passenger safety and operational continuity as priorities, stating no disruptions occurred despite the breach. Officials attributed the attack to an employee downloading a malware-infected file, which initiated the compromise. The response team contained and isolated the threat, preventing operational security compromises. AIQ asserted that any exfiltrated data was already publicly accessible, though specifics about the data type or volume were undisclosed. Relevant authorities were notified per standard protocols, though no further details about law enforcement or regulatory involvement were provided. The airport’s announcement followed its rise as a major transportation hub, having served over 1.1 million passengers in 2022 and functioning as a cargo nexus for Mexico, the U.S., and Europe.

The LockBit ransomware gang claimed responsibility for the attack on October 29, threatening to leak stolen data by November 27 if demands were unmet. This declaration coincided with LockBit’s separate claim against Boeing, though Boeing’s incident remained distinct from AIQ’s breach. Aviation sector vulnerabilities were underscored by concurrent attacks, including European aerospace firm Airbus investigating a vendor data leak and Accelya’s BlackCat-linked ransomware incident in 2022. Historical precedents included DDoS attacks on U.S. airports by Russia-aligned actors and breaches at airlines like Air India and Scandinavian Airlines. AIQ’s containment measures mirrored responses by Jeppesen, a Boeing subsidiary, which mitigated a 2022 cybersecurity event causing flight disruptions. No passenger data leaks, financial losses, or flight delays were confirmed at AIQ, with the focus remaining on forensic analysis and system integrity verification.
