VT San Antonio Aerospace

VT San Antonio Aerospace, also known as ST Engineering Aerospace San Antonio, is a United States-based aerospace maintenance provider operating as a subsidiary of ST Engineering. The company's core business involves maintenance, repair, and overhaul (MRO) services for commercial aircraft, supporting the global aviation industry from its facility in San Antonio, Texas. Its work encompasses a range of technical services essential for aircraft airworthiness and operational readiness, serving airline customers and aircraft operators. The organization functions within the highly regulated aerospace sector, adhering to stringent safety and certification standards required for commercial aviation maintenance. Its position as a subsidiary integrates it into the larger international network of ST Engineering, a global technology, defense, and aerospace group headquartered in Singapore.

The company's operational context was notably defined by a significant cybersecurity incident in April 2020. Attackers from the Maze ransomware group gained initial access to the network using compromised administrator credentials. This breach allowed the threat actors to move laterally, compromising domain controllers and servers across the network. The attackers encrypted systems and exfiltrated approximately 1.5 terabytes of unencrypted files, which included sensitive corporate information such as financial data and insurance contracts. Following the discovery of the attack, the company implemented its incident response plan, which involved disconnecting affected systems from the network to contain the spread. Operations were restored within days with the assistance of external forensic experts and coordination with law enforcement authorities. The incident's impact was reported to be limited to the company's U.S. commercial operations. The data theft component of the attack included a partial leak of the stolen information by the perpetrators as leverage, a common tactic associated with the Maze group. This security event subsequently prompted ongoing internal investigations and the implementation of enhanced security measures to better protect the entrusted data of its clients and partners.