ST Engineering Aerospace's US subsidiary suffers massive data breach

Contract details exposed with 1.5TB of data stolen in ransomware attack

Singapore-based ST Engineering Aerospace's United States subsidiary has suffered a massive ransomware attack, resulting in the exposure of confidential data such as contract details with various governments, government-related organisations and airlines.

Cyber security firm Cyfirma said in a report this month that hackers exfiltrated about 1.5TB of data, which could have been stolen as early as March.

Its initial investigation revealed that about 50MB of leaked data was posted on the Dark Web and public forums, as the US subsidiary, VT San Antonio Aerospace, might not have paid the ransom, Cyfirma's founder and chief executive Kumar Ritesh told The Sunday Times.

VT San Antonio Aerospace - which provides maintenance, repair and overhaul services to aircraft - acknowledged that the attack was carried out by a sophisticated group of cyber criminals, known as the Maze group.

In a statement on Friday, its vice-president and general manager Ed Onwe said: "Our ongoing investigation indicates that the threat has been contained, and we believe it to be isolated to a limited number of ST Engineering's US commercial operations."

He added: "Currently, our business continues to be operational."

Cyfirma, which is headquartered in Singapore and Tokyo, said the stolen data included client information and contract details, such as those with American Airlines.

Other leaked sensitive data pertains to governments of countries like Peru and Argentina, and engagement details with agencies like the National Aeronautics and Space Administration.

VT San Antonio Aerospace has since disconnected certain systems from its network, informed the relevant law enforcement authorities and engaged the services of third-party forensic investigators.

It is also conducting a rigorous review of the incident and its systems to ensure the necessary safeguards are in place.

Noting that denying ransom payment is the right thing to do, Cyfirma's Mr Ritesh said: "When you pay the ransom, (hackers) may take it as a sign of weakness and come back and attack you again."

It is more important to investigate the vectors through which the hackers came in - whether it was a mobile device, laptop, e-mail or malicious website - and tighten control on such vectors, he added.


A version of this article appeared in the print edition of The Sunday Times on June 07, 2020, with the headline ST Engineering Aerospace's US subsidiary suffers massive data breach.