
EUROCONTROL
EATM-CERT
3rd Quarter 2022 Cyber Threat Landscape
& Activity Report for Senior Management

Edition: 1.0
Edition date: 06/10/2022
Reference: ThreatLandscapeNCERT-2022/03

About this report
This report is prepared to provide information to senior management about the current cyber threats and vulnerabilities, with a focus on the aviation sector, and about EATM-CERT activities. It also includes general cyber security threats that may indirectly impact the aviation sector.
EATM-CERT subscribes to aviation as well as non-aviation related cyber security news systems such as A-ISAC, Europol, CERT-EU, SITA and ECCSA (European Center for Cyber Security in Aviation). In addition, EATM-CERT surveys other open resources on the internet.

Here are the key findings for the 3rd quarter of 2022.

Key Findings

DIRECT THREATS and ATTACKS
H Air Navigation (ASECNA) Affected by Lockbit Ransomware
M Cyber-attack disrupts Turkish Airlines website
H Ragnar Locker Ransomware Claims Cyberattack on TAP Air Portugal
H Major airline technology provider Accelya attacked by ransomware group

Severity legend: C = Critical, H = High, M = Medium, L = Low, I = Informational

AVIATION – Q3/2022 NEWS

September:
H The Agency for Air Navigation in Africa and Madagascar is a victim of the LOCKBIT ransomware (here)
M Hackers have published a video of live stream capture from Tirana International Airport, passport control (here)
M Unauthorized actor compromised the email accounts of American Airlines team members. (here)
M Philippine Airlines Suffers Cyberattack with Frequent Flyer Program. (here)
M Dublin Airport payment system for staff, subject to cyber attack (here)
M Khabarovsk airport was subjected to a cyber-attack (Russia) (here)
M Hallmark Aviation suffers data breach (here)

August:
H The "Team OneFist aka Defenders of Ukraine" group destroyed the Russian Airport backup system (here)
H Major airline technology provider Accelya attacked by ransomware group (here)
M WestJet app data breach reveals other people’s personal information (here)
M Akasa airline suffers data breach, passengers' personal information leaked (here)
M Data of Malaysian and UAE airline passengers for sale online. (here)
M Taiwan Taoyuan International Airport under cyber attack (here)
M Russian cybercrime gang Killnet claims Lockheed Martin employee data hack (here)
H TAP Airline victim of cyberattack (here)

July:
M The passport control system at Tehran's Imam Khomeini International Airport was reportedly hacked (here)
H Elbit Systems Aerospace and defence company has been compromised by the Black Basta Ransomware (here)
M Tiger Air announced that it was attacked by hackers and suspected that customer data had been leaked. (here)
M Cyber-attack disrupts Turkish Airlines website (here)
M Indian flight booking site Cleartrip announces data breach (here)
L Flight loyalty hack leaves customers thousands out of pocket (here)
M Boeing Employees’ Credit Union (“BECU”) filed an official notice of a data breach (here)

Most important criminal activities on Dark Web

September:
● Ransomware leak site advertised data leak originating from XXX Airline
● A threat actor selling internal access for ANSP YYY
● Ransomware leak site advertised data leak originating from ANSP NNN

August:
● A threat actor selling employee/customer login access originating from Aviation Authority MMM
● Ransomware leak site advertised data leak originating from OEMs ZZZ
● A threat actor selling database originating from LLL International Airport

July:
● Ransomware leak site advertised data leak originating from Ground Handling Services RRR
● Pro-Russian hacktivist launched DDoS attacks on Aerospace and Airports in Europe
● A threat actor advertised data leak originating from SSS Airline

EATM-CERT Activities

INCIDENTS
● Airline XXX confirmed that they had an incident with email exchange server.
● Civil Aviation Authority YYY confirmed that they had an incident with email exchange server.
● Civil Aviation Authority ZZZ confirmed that they had an incident with email exchange server.
● Airlines NNN suffered a ransomware attack

PENETRATION TESTS
● ANSP XXX system pentest – completed in August
● LARA & EDQ new version pentest – completed in June
● ARTAS new release (V9.0.2) pentest – completed in September

ON-GOING ACTIVITIES
● Webinar on 2022 report on cyber in aviation
● Conference on cyber-metrics (transport, telecom, energy, finance, international organisations)
● Reporting to NDTECH/IMT-6
● Credential leak detection service: Shannon airport, Dusseldorf airport
● MISP: Air Caraïbes
● Vulnerability scanning: LFV
● Phishing awareness campaign: SMATSA, LPS SR
● Presentation to: ICAO South America, ECAC/ACAO CASE II, Operational Technology ISAC (OT-ISAC) Singapore, IATA White Falcon; Support to States in Montenegro and Slovenia
● Meeting with Singapore airlines, Singapore National Cybersecurity Center, Heathrow airport, NATO, AF/KLM
● Development of an AI/ML application to better crack passwords (for pentest purposes)
● Beta test of anti-DDOS testing solution (within EUROCONTROL)
● Contribution to the European papers (WP/74 & 175) related to cyber-security tabled at ICAO Assembly 41

Q4/2022 PLANS
● NDTECH/CYBERG-5 on 4 October
● Aviation Capture The Flag co-organised by Israel Airports Authority and EUROCONTROL/EATM-CERT – 10 teams will compete on 25-26 October in Tel-Aviv
● ANSP XXX system pentest
● ANSP YYY system pentest
● ANSP ZZZ system pentest
● iNM Digital Platform pentest
● Support the EACCC 22 exercise (European Aviation Crisis Coordination Cell)
● Room42: cyber crisis management exercise with ANSP XXX
● Participation in the ICAO/CYSECP (Cybersecurity Panel)
● Participation in the 1st meeting of the ICAO Trust Framework Panel (TFP)
● Beta test of anti-DDOS testing solution with a constituent