China's APT10 hacking group suspected of cyber attacks against Airbus suppliers

Four major attacks on Airbus's supply chain have been detected in the past 12 months

European aerospace company Airbus has been hit by a new series of cyber attacks targeting the company's suppliers in search of trade secrets.

Citing security sources, a report by AFP claims that four major attacks on Airbus have been detected over the past 12 months, possibly carried out by a Chinese state-sponsored hacking group.

Earlier in January, Airbus disclosed that it had detected a "cyber incident" in its Commercial Aircraft business's IT systems, which resulted in unauthorised access to data.

However, the current cyber operation appears to be much bigger in scale than that attack, AFP sources said.

The sources revealed that in the past 12 months attacks have carried out against French tech supplier Expleo, British engine-maker Rolls-Royce and two other French firms, apparently trying to locate weak links in the Airbus supply chain with the eventual aim of infiltrating the aerospace company's networks.

One source told AFP that the attack against Expleo was uncovered at the end of 2018, although attackers had compromised Expleo's computer systems long before through the VPN that company's employees use to connect to Airbus.

Attackers used the same tactics to target Rolls-Royce as well as Assystem, a British subsidiary of Expleo.

It appears that attackers' primary aim was to steal intellectual property related to the certification process for various parts of Airbus aircraft as well as technical information related to the engines of the military transport aircraft A400M and A350 airliner.

The AFP report did not say whether the cyber attacks against Airbus suppliers actually led to data breaches or affected Airbus operations.

In a court filing last year, US prosecutors alleged that Chinese hackers and intelligence agencies stole technical secrets about a jet engine from an unnamed private company. The description of that unnamed company in the court documents matches CFM, a joint venture of General Electric and Safran, which supplies aircraft components to Airbus.

China's APT10 has been named as a likely suspect in some reports. This is the same group suspected of recent cyber attacks on several utilities companies and mobile carriers in the US.

However, China has repeatedly denied the involvement of its agencies in hacking operations against foreign companies.

Airbus is almost certainly a daily target of industrial espionage efforts, with the company's aerospace know-how coveted by governments around the world - not just China, where the government has an ambitious plan to break the Boeing-Airbus duopoly in civil airliners, but also the US and Germany.

In 2015, the company sued over what it claimed was a "concrete suspicion" that security services in Germany spied on the company on behalf of the US National Security Agency.

An Airbus spokesman said the company was aware of cyber campaigns being carried out by hackers in effort to compromise the company's systems. He added that the IT security teams of the company have been continuously monitoring such threats and taking all necessary steps to protect the systems.