Airbus admitted it had detected a cyber incident in January 2019 © S Ramadier/Airbus
Airbus admitted it had detected a cyber incident in January 2019 © S Ramadier/Airbus

Hackers target Airbus suppliers

27 September 2019

Hackers targeted key Airbus suppliers in a bid to gain access to the company’s secure data, security sources have warned.

Sources involved in investigating the hacking told news agency AFP there had been a spate of cyber attacks on Airbus suppliers over the last 12 months, which have been linked to Chinese state-backed hackers.

Security and industry sources confirmed the hackers targeted key suppliers to Airbus including Rolls-Royce and technology consultancy Expleo.

According to one source, the attack against Expleo was discovered at the end of 2018 but the group’s system had been compromised long before.

“It was very sophisticated and targeted the VPN [virtual private network] which connected the company to Airbus,” the source said.

A VPN enables employees to access company systems remotely via an encrypted network.

The other attacks, on a British subsidiary of Expleo and Rolls-Royce, also used the same method. 

In January 2019, Airbus admitted it had detected a cyber incident which had “resulted in unauthorised access to data”. 

Sources said the hackers appeared to be interested in technical documents linked to the certification process for different parts of Airbus aircraft.

None of the sources who spoke to AFP could formally identify the hackers, but several suspected Chinese hackers linked to the Chinese Communist Party were responsible for the attacks, as Beijing has just launched a plane designed to compete with Airbus and Boeing.

The state-owned aerospace manufacturer Comac aims to get certification for its first large passenger jet, C919, in 2021. 

An Airbus spokesperson said: “Airbus is aware of cyber events and like any major high tech and industrial player is a target for malicious acts. Airbus continuously monitors, has detection mechanisms in place and can take immediate and appropriate measures to protect itself at all times.”

A Rolls-Royce spokesperson declined to comment on a specific attack but said: “In common with all large organisations, we have experience of attempts to gain access to our network and we have a team of experts who work closely with the relevant authorities to ensure that we combat these attempts and minimise any potential impact.”

Expleo has been contacted for comment.

 Want to stay up to date with the news? Sign up to our daily bulletin.

CIPS Knowledge
Find out more with CIPS Knowledge:
  • best practice insights
  • guidance
  • tools and templates