US subsidiary of ST Engineering Aerospace suffers massive data breach

SINGAPORE: About 1.5 terabytes of sensitive data was reportedly stolen from a US subsidiary of ST Engineering Aerospace in a massive data breach that was discovered on Friday (5 June), according to cybersecurity firm CYFIRMA .

In response to queries by CNA, CYFIRMA said its initial investigation showed the breach at VT San Antonio Aerospace started “as early as in March”.



It said the stolen data includes contract details with various governments of countries like Peru and Argentina, government-related organisations like NASA, and air carriers like American Airlines.

The leaked data is also believed to include details of project implementation plans, name and type of equipment/parts, schedules and timelines, as well as financial records.

"Hackers used Maze ransomware for their campaign. Maze is a malware that hackers can embed into phishing emails. When a victim opens these emails, the Maze malware infects the machine and starts encrypting files. Once this is completed, a ransomware demand is made,” said CYFIRMA CEO Kumar Ritesh.

"Initial investigation indicated that ST Engineering might not have made the payment in response to the ransomware demand and hence, the data is now available on public domain. Hackers claimed they have exfiltrated 1.5TB of data and more sensitive data may be released onto public domain in the coming days."



Mr Ritesh added ST Engineering Aerospace has been informed of the data breach, and the company is taking action.

In a statement, VT San Antonio Aerospace vice president and general manager Ed Onwe confirmed that cyber criminals called the Maze group had gained unauthorised access to the company's network and carried out a ransomware attack.

“At this point, our ongoing investigation indicates that the threat has been contained and we believe it to be isolated to a limited number of ST Engineerings US commercial operations. Currently, our business continues to be operational,” said Mr Onwe.

“Upon discovering the incident, the company took immediate action, including disconnecting certain systems from the network, retaining leading third-party forensic advisors to help investigate, and notifying appropriate law enforcement authorities.

“As part of this procRead More – Source