Airbus hit by supply chain attacks.
AFP reports that four Airbus suppliers suffered "major attacks" by hackers trying to steal trade secrets. The victims included British engine manufacturer Rolls-Royce and French technology consultancy Expleo, along with two other unidentified French companies. The four attacks reportedly targeted the VPN services the victims used to connect to Airbus. In Expleo's case, AFP says the attack occurred "long before" it was discovered at the end of 2018. AFP's sources said the attackers seemed to be going after "technical documents linked to the certification process for different parts of Airbus aircraft."
None of the attacks provided enough evidence for definitive attribution, but Chinese state-sponsored hackers are the most probable suspects, based on past attacks and motivation. Some of AFP's sources suspect China's APT10, but another mentioned JSSD, a hacking outfit linked to the regional security ministry in Jiangsu which is known for targeting the aerospace industry.
Chinese APT suspected in tech company hacks.
BlackBerry Cylance describes stealthy attacks against southeast Asian technology companies carried out by a threat actor using an open-source Chinese backdoor known as "PcShare." The attackers have modified PcShare to be side-loaded by a legitimate NVIDIA application, after which they replace the legitimate Windows utility "Narrator" with a Trojanized version in order to achieve SYSTEM-level access. The Trojanized Narrator allows the attackers to run any executable with SYSTEM privileges from the login screen without providing credentials.
BlackBerry Cylance says the attacks aim at "persistent exfiltration of sensitive data, as well as local network reconnaissance and lateral movement." They suspect a Chinese actor is behind the campaign. It may be the Tropic Trooper threat group, based on that group's prior use of PcShare. However, since PcShare is an open-source tool, the researchers refrain from making a firm attribution.