Details for a military spy plane appear to have been leaked on the dark web by hackers, as it is believed manufacturer Bombardier refused to pay a ransom.
Canadian business jet manufacturer Bombardier, whose Global 6000 jet is used for Saab’s GlobalEye spy plane system, announced on Tuesday that it recently suffered ‘a limited cybersecurity breach.’
The leak, posted to the dark web site CL0P^_- LEAKS, appears to include specifications and mechanics for the GlobalEye airborne early warning and control platform developed by the Swedish defense company Saab.
The leak also included confidential information about customers, suppliers and employees.
‘Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised,’ the company said in its statement.
A screenshot of documents posted to Clop Leaks appears to show Saab’s GlobalEye radar defense system attached to a Bombardier private jet in a schematics picture
DailyMail.com has reached out to Saab and Bombardier for additional information and comment about the documents.
GlobalEye is ‘a surveillance solution that ensures quick and accurate coverage of vast distances of air, sea or land, with the ability to switch between surveillance areas in an instant,’ according to Saab’s website.
Countries currently using Saab’s GlobalEye AEW&C plane include Mexico, Brazil, Greece, Pakistan, Thailand, the United Arab Emirates and Sweden, according to a press release from the company.
In its press release, Bombardier did not directly comment on Clop’s leak of the plane schematics.
Information posted to the Clop site indicates a number of corporate documents, including flight test reports and parts schematics, were stolen.
‘The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted,’ according to the release.
Bombardier said about 130 employees located in Costa Rica were impacted by the hack and the company has been contacting stakeholders including customers and employees whose data was potentially compromised.
It was not immediately clear whether Bombardier was extorted, or whether more data is being held for ransom and could be leaked further due to non-payment.
DailyMail.com has reached out to Bombardier for more information about the hacking incident.
The company confirmed to ITWorldCanada.com that Accellion’s FTA file transfer application was the vulnerable application.
The Clop site was launched in March 2020 to publish data stolen from non-paying victims held hostage using the ransomware, according to the cyber-security company Cyware.
The Clop leaks recently made news after it was revealed the group is believed to have hacked Accellion’s FTA, an application that allows businesses to securely transfer large files.
Numerous companies appear to have recently fallen victim to the Clop ransomware, including the law firm Jones Day, which represents former President Donald Trump.
Organizations that were breached via FTA include the Reserve Bank of New Zealand, the Australian Securities and Investment Commission and Colorado University.
A screenshot from FireEye research shows an example of ransom notes sent to companies hit with CLOP ransomware
FireEye research shows a relation between companies hit by the CLOP ransomware and believes the group FIN11 is behind the attacks
The financial cyber-crime gang FIN11 is believed to be behind the series of Clop ransom campaigns, according to Infosecurity Magazine.
The cyber-security company FireEye said in research published on Monday that FIN11 previously published stolen victim data from CLOP ransomware attacks on the same .onion site.
‘However, in recent CLOP extortion incidents, no ransomware was deployed nor were the other hallmarks of FIN11 present,’ according to FireEye.
Bombardier said in its press release that the company can confirm it ‘was not specifically targeted’ as multiple companies using the Accellion program were impacted.
Documents leaked on the CLOP dark website appear to show the GlobalEye system, which has been attached to Bombardier’s Global 6000 jet, pictured
A picture shows the inside of one of Bombardier’s Global 6000 private business jets
FireEye noted that the number of victims on the ‘CL0P^_- LEAKS’ shaming website has increased in February, and that emails sent by the group to companies demanding ransom be paid note that the site is ‘visited by 20-30 thousand journalists, IT experts, hackers and competitors every day.’
‘Due to the fact that journalists and hackers visit our site, calls and questions will immediately begin, online publications will begin to publish information about the leak, you will be asked to comment,’ one of the extortion notes reads.