European heavyweights Airbus, Altran targeted by cyberattacks
CGTN

European aerospace and defense group Airbus has launched an inquiry into the origin and targets of a cyberattack detected earlier in January, the same month that French IT consulting group Altran also saw attempts to breach its systems.

An Airbus spokesman said Thursday that the attack was detected on January 6 and that personal data on some European personnel was targeted starting January 10, prompting it to inform France's data regulator CNIL the following day.

Under the EU's strict new General Data Protection Regulation (GDPR) enacted last year, companies must inform regulators within 72 hours if such attacks put personal data at risk.

Read more: Why GDPR may not work at all

The Airbus inquiry is still underway to determine who was behind the attack, which focused on the IT systems of its commercial aircraft division, the spokesman said.

The group said no commercial operations were impacted by the breach, and that attackers appeared to be seeking contact and IT identification details of some of its 130,000 employees.

Read more: Data privacy: What's happening and how to stay safe

The inquiry also aims to determine if specific data was being targeted at a key player in Europe's defense and security industries.

Airbus is a major supplier of military jets and weapons as well as communication and navigation satellites to European nations, generating revenue of 59 billion euros ($68 billion) in 2017.

It also provides cybersecurity services for essential government networks and infrastructure.

The logo of Altran is pictured at the World Nuclear Exhibition (WNE), the trade fair event for the global nuclear community in Villepinte near Paris, France, June 27, 2018. /VCG Photo

The logo of Altran is pictured at the World Nuclear Exhibition (WNE), the trade fair event for the global nuclear community in Villepinte near Paris, France, June 27, 2018. /VCG Photo

Infection risks

Altran Technologies, one of the largest IT consulting firms in Europe, announced Monday that it had detected on January 24 an attack that impacted its operations on the continent.

But unlike the Airbus attack, the hackers did not appear to be seeking personal data but rather access to files in "many European countries, including France."

Although Altran said it had not detected any cases of stolen data, it had to shut down its IT networks "to protect our clients, employees and partners."

A robotic waiter catering device manufactured by Altran Technologies SA operates at the Aircraft Interiors Expo in Hamburg, Germany, April 4, 2017. /VCG Photo

A robotic waiter catering device manufactured by Altran Technologies SA operates at the Aircraft Interiors Expo in Hamburg, Germany, April 4, 2017. /VCG Photo

Security experts said Altran was targeted by a ransomware attack, which usually attempts to lock a person or company out of key data, or threaten to publish the private data, unless a payment is made.

And because modern companies share network services across several sites, "the files on central servers can be infected quite quickly," said Ivan Fontarensky, head of cyberdefense at the French defense and electronics group Thales.

Altran has brought in outside experts to help determine the origin and extent of the attack, and said that so far it "has not identified any stolen data, nor instances of a propagation of the incident to our clients."

The company's clients operate in a wide range of sectors including defense, energy and infrastructure industries -- and like Airbus, it also offers cybersecurity services.

The EU moved to require companies to inform regulators of personal data breaches after accusing several high-profile companies of failing to inform users that passwords or personal data had been compromised by hackers.

Experts say such disclosures are bound to increase in coming years as the digital economy takes hold in more countries and sectors.

Source(s): AFP