Cyber Incident Victim: Airbus
Date:
Sep 2019
Location:
France
Summary
A series of cyber attacks targeted Airbus through its suppliers, including technology consultancy Expleo, engine maker Rolls Royce, and unidentified subcontractors. The attackers sought information related to engines for the A400M military transport aircraft and A350 airliner, with security sources noting suspected links to Chinese intelligence groups though no definitive attribution was made. The company acknowledged ongoing cyber threats and stated it continuously monitors such events with detection systems while implementing protective measures. Previous incidents had resulted in data breaches, though the specific operational impact of these attacks remained unclear. The incidents highlighted supply chain vulnerabilities, with attackers exploiting third-party access points to pursue sensitive aerospace data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In 2019, Airbus faced a series of cyber attacks targeting its commercial and military aircraft programs through compromised third-party suppliers. Between September 2018 and September 2019, hackers executed at least four major intrusion campaigns against the aerospace manufacturer, with some attacks dating back further according to security sources cited by AFP. The attackers exploited vulnerabilities in the computer systems of multiple Airbus contractors to gain indirect access to sensitive data. Specifically named suppliers included French technology consultancy Expleo, engine manufacturer Rolls-Royce, and two unidentified French subcontractors. The threat actors focused on extracting technical information related to propulsion systems, particularly engine specifications for the A400M military transport aircraft and the A350 commercial airliner. Security analysts observed operational patterns suggesting coordination with Chinese state-sponsored hacking groups, though no formal attribution was confirmed. This targeting aligned with prior U.S. Justice Department allegations from 2018 regarding Chinese intelligence operatives stealing jet engine technology from CFM International, a joint venture supplying both Airbus and Boeing.
Airbus publicly acknowledged awareness of these cyber events through a corporate statement confirming its status as a frequent target of malicious acts. The company emphasized continuous monitoring through dedicated detection systems and implementation of protective measures, though no specific technical or operational countermeasures were detailed. While Airbus had disclosed a separate data breach in January 2019, the AFP report did not confirm whether these supplier-focused attacks resulted in additional data exfiltration or operational disruption. Investigations remained ongoing regarding the full scope of compromised systems and data categories. Chinese authorities consistently denied involvement in cyber espionage operations and did not respond to requests for comment on these specific incidents. The attacks highlighted persistent targeting of aerospace supply chains, with threat actors leveraging third-party network access as an intrusion vector against primary defense contractors.