News

Previously unknown governmental group Avivore attacked airbus

Researchers at Context Information Security have identified a new cybercriminal group Avivore, which has attacked Airbus several times over the past few months.

Attackers carried out cyber attacks on Airbus through the networks of French consulting company Expleo, British engine manufacturer Rolls Royce, and two unnamed Airbus suppliers.

Cybercriminals target large multinational and small engineering and consulting firms in supply chains.

As part of Island hopping attacks (attacks on supply chains), cybercriminals use the connection between the victim and its partners, for example, virtual private networks (VPNs), to penetrate computer networks.

“Previous reports of recent incidents involving the aerospace and defense industries have linked them to APT10 and the Ministry of State Security of Jiangsu Province [China]. Although the nature of the activity of criminals complicates attribution, the analysis of the campaign indicates a new group, which we called Avivore,” – said Oliver Fay, chief analyst of Context Information Security.

According to the researchers, the group uses the PlugX Remote Access Trojan (RAT), which was often used by APT10.

However, group tactics, techniques, and procedures, as well as infrastructure and other tools, significantly differ it from Chinese cybercriminals. This fact allowed experts concluding that Avivore is a previously unknown group sponsored by the government.

Read also: Criminals attacked US oil companies using Adwind Trojan

Criminals are “very capable”, because they skillfully use a technique called living-off-the-land (using local applications for malicious purposes) and mask their activities in the daily business activities of employees of target companies. They also maintain operational safety and remove all traces to avoid detection.

Based on the information and assets sought by AVIVORE, Context Information Security assesses with moderate confidence that the objective of the recent campaign was intellectual property theft from victim organizations.

Future Recommendations and Mitigations from Context Information Security:

  • Impose access limitations on supplier connections over VPNs and restrict access only to data and assets they require to perform their actions.
  • Ensure that security measures, such as multifactor authentication and enhanced auditing/logging are deployed to hosts and services into which suppliers are required to connect.
  • Ensure that external remote access services implement appropriate log retention. Logs should contain enough information on the sources of inbound connections to enable identification of anomalies, such as concurrent log-ins with impossible geography.
  • Ensure that credentials for highly privileged accounts and remote services are stored securely, and their use is appropriately monitored.
  • Where possible, applications, documentation and technical information related to network infrastructure and configuration of remote access services should be made available only to engineers and IT support staff.
Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove News-bpudepi.today Pop-up Ads

About News-bpudepi.today News-bpudepi.today pop-ups can not launch out of the blue. If you have actually…

2 days ago

Remove Doguhtam.xyz Pop-up Ads

About Doguhtam.xyz Doguhtam.xyz pop-ups can not expose out of nowhere. If you have clicked some…

2 days ago

Remove News-xlixoti.com Pop-up Ads

About News-xlixoti.com News-xlixoti.com pop-ups can not introduce out of nowhere. If you have actually clicked…

2 days ago

Remove Ducesousightion.com Pop-up Ads

About Ducesousightion.com Ducesousightion.com pop-ups can not introduce out of the blue. If you have actually…

2 days ago

Remove News-xlabica.live Pop-up Ads

About News-xlabica.live News-xlabica.live pop-ups can not launch out of the blue. If you have actually…

2 days ago

Remove Mergechain.co.in Pop-up Ads

About Mergechain.co.in Mergechain.co.in pop-ups can not expose out of the blue. If you have clicked…

2 days ago