Paris (AFP)

In recent months, Airbus has been the target of several computer attacks launched via subcontractors of the manufacturer, AFP has learned from several security sources, who suspect that these industrial espionage operations are directed from China.

AFP was able to trace the outline and objectives of a recent series of offensives by questioning more than half a dozen sources close to the matter, on condition of anonymity.

According to concordant sources, these cyberattacks have in turn targeted the French technology consulting group Expleo (formerly Assystem), the British engine manufacturer Rolls-Royce, and two French Airbus subcontractors that AFP has not identified.

Attacks against the European aircraft manufacturer - an industrial flagship considered by the French government computer security agency Anssi as an "Operator of vital importance" (OIV) - are commonplace, and their motives and modes of operation are very varied.

But over the past twelve months, "four major attacks" have targeted the European aerospace giant via its subcontractors, one of these sources told AFP.

- Targeted VPN -

The attack on Expleo was discovered "at the end of 2018", but the infection was much older. "Very sophisticated, it targeted the VPN that connected the company to Airbus," a source told AFP.

A virtual private network (VPN) is a private, encrypted network that allows multiple entities to communicate securely. Successfully penetrating a VPN theoretically opens the doors of all parts of the network.

The other attacks followed a similar pattern: attack the subcontractor, then enter the aeronautics giant by posing as that subcontractor, taking advantage of its access to the Airbus system.

Airbus, meanwhile, announced at the end of January a cyber theft of personal data of its employees via its commercial aviation division.

According to one of the sources questioned by AFP, the first of the infections was detected at the British subsidiary of Assystem and at Rolls-Royce, which led to the discovery of other attacks at Assystem France and Airbus.

"The very big companies (like Airbus, ed.) are very well protected, it's very hard to hack them, while smaller companies will be a better target," says Romain Bottan, security officer at BoostAerospace, the digital grouping of the aerospace industry, which launched the Aircyber initiative to try to strengthen the cyber security of small and medium-sized enterprises (SMEs).

Protecting the myriad of subcontractors is a very complex task. "The doors are closed so they go through the windows, and when the windows are closed, they will go through the chimney," says Loïc Guézo, director of cybersecurity strategy at Proofpoint, a California cybersecurity company.

Questioned by AFP, Expleo "does not confirm or deny" AFP's information. Asked by AFP, Airbus and Rolls-Royce did not immediately comment.

But what are these hackers looking for in the Airbus computer system?

According to concordant sources, the attackers have targeted technical documents relating to certification, a formal procedure to ensure that the various elements of an aircraft meet the security requirements. In February, Challenges magazine revealed that the intrusion acknowledged by Airbus targeted this type of document.

According to three sources interviewed by AFP, some of the stolen information also related to the engine of the A400M military transport aircraft, which has some of the most powerful turboprop engines in the world.

According to one of these sources, the hackers also seem to be interested in the engines of the A350 jumbo jet, or even in information related to avionics, meaning all the electronic systems that assist piloting.

- Difficult attribution -

The sources consulted by AFP remain cautious and refuse to formally attribute this series of attacks, while agreeing that suspicion falls on Chinese hackers.

China has been trying for several years to develop its first medium-haul airliner, the C919, but has trouble getting it certified. In addition, engines and avionics are "areas in which Chinese research and development is weak," said a source close to the issue, even as Beijing intends in the future to develop with the Russians a long-haul aircraft, the C929, which will occupy the same niche as the A350.

However, in the field of cyberattacks, specialists are generally very reluctant to name the perpetrators, who are difficult to unmask. "What we call an attribution is to define the common properties of an attacker in essentially technical terms, but on technical subjects, we know that there can be a lot of falsification," says Guézo.

He recalls, for example, that the "Wikileaks Vault7 / Marble Framework revelations of 2017 have put CIA computer track-scrambling tools on the public square - but other countries or criminals are surely the same - giving it the ability to attack by leaving clues in the software that can be reminiscent of a Russian provenance. Even more clever, it makes it possible to suggest that we have to deal with a Chinese software whose designers have tried to pretend to be Russians".

Several sources mentioned a group linked to the Chinese authorities, identified under the code name APT10, while another, while pointing to Beijing, said it was unlikely that this group was responsible "because of the procedure used".

APT10 is a Chinese cyber-espionage group linked, according to Washington, to Beijing's intelligence services, both in military and economic intelligence.

According to an industry source working in cybersecurity, there is also a group of Chinese hackers specializing in aeronautics, the Jiangsu (East) regional branch of the Ministry of State Security (MSS), the JSSD.

"The core business of the JSSD is aeronautics," with "people who understand the language, software and codes of aeronautics," the source said.

In 2018, the US justice system charged several suspected members of the JSSD with having hacked, at least between 2010 and 2015, the American company General Electric and the French company Safran to steal data on a civil aviation turbojet. "At the same time, a Chinese aerospace company was trying to develop a similar engine for an aircraft made in China and elsewhere," the ministry said.

In the face of the attacks, Airbus is torn between the desire to protect itself and the caution required so as not to offend the Chinese authorities and deprive itself of a gigantic market where it has installed an assembly line. According to a source consulted by AFP, some messages were delivered in Beijing through back channels to convey French discontent.

- Achilles' heel -

Beyond the thorny issue of their attribution, these attacks show Airbus's cyber Achilles' heel.

"The aeronautics industry is the sector that suffers the most cyberattacks, mainly motivated by espionage or the search for money given the benefits of this industry," summarizes Romain Bottan.

In addition to the siphoning of sensitive information, attacks can hinder production by targeting exclusive suppliers of certain parts, which represent industrial bottlenecks: "weak squares" on the board that, once occupied, undermine Airbus.

"If someone wants to slow down production, he will quickly identify which subcontractor is critical, the 'single source', unique for their part," whose paralysis will cause "delays in the supply chain," says the expert.

This was the case for the Belgian equipment manufacturer Asco, attacked in the spring by ransomware that completely paralyzed it. A source, who suspects Russian attackers, said the company preferred to scuttle its system, "but it took them a month to get everything back", with the help of Airbus, for which the attack had consequences on its production rates.

It is a problem that the French government is aware of. "The news reminded us during the year 2019 that industrial groups may also be subject to cyber attacks that target not only personal data of their employees but very directly the technical documentation of equipment that they conceive," said Minister of the Armed Forces Florence Parly at the beginning of September, in a veiled reference to Airbus.

"In reality it was a subcontractor of this group that was targeted, which shows us the importance that is aimed at each link in our national defense," she said, announcing the upcoming "signature of an agreement between (her) ministry and eight major defense companies that will set shared objectives and first concrete actions on cybersecurity".

© 2019 AFP