Published in ChannelNewsAsia on 6 Jun 2020
SINGAPORE: About 1.5 terabytes of sensitive data was reportedly stolen from a US subsidiary of ST Engineering Aerospace in a massive data breach that was discovered on Friday (5 June), according to cybersecurity firm CYFIRMA.
In response to queries by CNA, CYFIRMA said its initial investigation showed the breach at VT San Antonio Aerospace started “as early as in March”.
It said the stolen data includes contract details with various governments of countries like Peru and Argentina, government-related organisations like NASA, and air carriers like American Airlines.
The leaked data is also believed to include details of project implementation plans, name and type of equipment/parts, schedules and timelines, as well as financial records.
“Hackers used Maze ransomware for their campaign. Maze is a malware that hackers can embed into phishing emails. When a victim opens these emails, the Maze malware infects the machine and starts encrypting files. Once this is completed, a ransomware demand is made,” said CYFIRMA CEO Kumar Ritesh.
“Initial investigation indicated that ST Engineering might not have made the payment in response to the ransomware demand and hence, the data is now available on public domain. Hackers claimed they have exfiltrated 1.5TB of data and more sensitive data may be released onto public domain in the coming days.”
In a statement, VT San Antonio Aerospace vice president and general manager Ed Onwe confirmed that cyber criminals called the Maze group had gained unauthorised access to the company’s network and carried out a ransomware attack.
“At this point, our ongoing investigation indicates that the threat has been contained and we believe it to be isolated to a limited number of ST Engineering’s US commercial operations. Currently, our business continues to be operational,” said Mr Onwe.
“Upon discovering the incident, the company took immediate action, including disconnecting certain systems from the network, retaining leading third-party forensic advisors to help investigate, and notifying appropriate law enforcement authorities.
“As part of this process, we are conducting a rigorous review of the incident and our systems to ensure that the data we are entrusted with remains safe and secure. This includes deploying advanced tools to remediate the intrusion and to restore systems. We are also taking steps to further strengthen the company’s overall cybersecurity architecture.”
He added that VT San Antonio Aerospace had also begun notifying potentially affected customers and that the company was committed to responding to this incident transparently and proactively.
VT San Antonio Aerospace is conducting a rigorous review of the incident and its systems to ensure its data remains safe and secure, said Mr Onwe.
It is also taking steps to further strengthen the company’s overall cybersecurity architecture and deploying advanced tools to restore systems.