PARIS—A series of cyberattacks on Airbus in the past few months were conducted via the computer systems of its suppliers and contractors and security sources suspect a link to China, AFP news agency reported on Sept 26.
Airbus, the world’s second-largest aerospace group, did not immediately respond to a request for comment on the report. China’s foreign ministry and its official cyber regulator did not respond to requests for comment on the report.
Airbus said in January that a cyberattack on its systems had resulted in a data breach. Last year U.S. prosecutors said Chinese intelligence officers and hackers stole information about a jet engine being developed by firms who supply Airbus as well as its U.S. rival Boeing.
According to the AFP report, which cited multiple unnamed security sources, cyber attacks in the past months on Airbus were mounted via French technology consultancy Expleo, engine maker Rolls Royce, and two French Airbus subcontractors which were not identified.
Expleo and Rolls Royce did not immediately respond to requests for comment.
Over the past 12 months, Airbus has been targeted by four major cyberattacks, AFP cited one of the sources as saying. Some of the attacks date back further, the report said.
The report cited the sources as saying the hackers appeared to have been seeking information about engines for the A400M military transport aircraft and A350 airliner.
The AFP report did not make clear whether the cyber attacks it described had led to data breaches or impacted Airbus operations.
It said the security sources have not definitively attributed responsibility for the cyber attacks, but that they bore the hallmarks of groups linked to Chinese intelligence.
The alleged culprit was the Jiangsu Province Ministry of State Security (JSSD), a branch of China’s Ministry of State Security (MSS), which is responsible for counterintelligence, foreign intelligence, and political security.
JSSD officers targeted more than a dozen companies—mostly in the aerospace industry—but only Capstone Turbine Corporation, a Los Angeles-based gas turbine manufacturer, was identified by name. Other companies, including a Massachusetts-based aerospace company, and two aerospace suppliers in Arizona and Oregon, manufactured parts for turbofan engines.
10 people were charged with conspiring to steal sensitive data “that could be used by Chinese entities to build the same or similar engine without incurring substantial research and development expenses,” the indictment said.
By Christian Lowe. Epoch Times reporter Frank Fang contributed to this report.
