French Airbus and Boeing Parts Supplier Confirms Data Breach

Major French suppliers for Airbus and Boeing, LISI Group, confirmed a data breach over the weekend. Russian-linked Ransomware group Qilin claimed they’re responsible for the attack. They posted samples of the data they stole on their leak site to back up their claims.

Briefly About the LISI Data Breach

LISI Group is a very big company that’s into aircraft parts manufacturing and generates revenues of around $2.1 billion every year. This company supplies parts to aircraft manufacturers Airbus and Boeing, and other big automotive companies like Volkswagen and Stellantis.

Ransomware group Qilin recently made bold claims on their dark web leak site, saying they attacked LISI and stole enormous amounts of confidential information. They even provided samples to show they were telling the truth. According to security researchers, the samples the group posted paint a concerning picture of the kind of information now in their hands.

The hackers took screenshots of bank transfers dating all the way back to 2016. Sales plans, internal business files, and documents containing bank account details that probably belong to LISI were part of the stash.

Also, they compromised employee information, along with consent forms, confidential agreements, and full names, phone numbers, and addresses. Reports suggest that even documents related to LISI Group partners like Bodycore were among the stolen data.

Now, information like this is a dangerous weapon in the wrong hands. Bank account details can fuel the risk of financial fraud, and bad actors could use employee information to cook up oddly specific phishing campaigns.

And let’s not forget the potential loss of intellectual properties should the sales plans and internal documents reach the company’s competitors.

LISI Group’s Response to the Security Breach

After the attackers’ dark web post, the CEO of LISI Group, Emmanuel Viellard, confirmed the breach. The company said it affected their aerospace division, but didn’t clarify the exact scope of impact.

Investigation revealed that the breach affected only two smaller sites. Viellard noted that LISI’s IT systems aren’t linked to these sites, so other aerospace and automotive sites remain intact.

LISI Group also stated that they never halted operations due to this incident. And the attack didn’t compromise their broader infrastructure. Additionally, they immediately notified stakeholders who were affected.

Meanwhile, other French investigations are looking into allegations that span decades, including the probe into the Al-Fayed family for exploitation and trafficking, reminding us that while cyberattacks make headlines, crimes against persons remain a priority for prosecutors.

Who is the Qiling Ransomware Gang?

Qiling quickly became prominent as one the most active ransomware gangs around after their first appearance in 2022. This gang allegedly has links with Russia. They target both healthcare, manufacturing, and government agencies, and recently started targeting transport companies, as well.

They have a long list of victims. Last month, Qilin claimed they attacked Tulsa International Airport and shared the organization’s internal documents online. Last year, they went after SK Telecom. Habib Bank AG Zurich, MedImpact, Volkswagen Group France, Asahi Holdings in Japan, top gaming company IGT are all on their list of victims. US newspaper group Lee Enterprises and Nissan Japan’s design subsidiary are also Qilin ransomware victims.

This group has reportedly hit 1,455 organizations since 2023, and the list continues to grow. LISI Group must act fast to contain damage; otherwise, legal actions, fines, and reputational damage and loss of trust from clients will come next.