Hackers target an aircraft maintenance firm

Hackers have attacked the aircraft maintenance firm Innotech-Execaire in Dorval. They then released part of the information they stole, including a mass of industrial secrets and personal information about its employees.

The criminals used the Maze ransomware, according to a site linked to this group of hackers.

Hackers use this technology for extortion. They demand a sum to restore the victims' access to their information, rendered unreadable by the attack. In the meantime, they release 5% of the stolen data to push them to pay.

The hackers have already released lists of customers and aircraft under contract, at least one bid, lists of tools, software and parts, as well as the tasks to be performed on specific aircraft, among other things.

On their website, they threaten to release the entire set of stolen files any day now if Innotech does not contact them to negotiate.

“When we start to publish, we’ll also notify all the partners, clients and the regulators of the client,” the hackers stated.

The “client” is in fact the victim, forced to choose between the loss and dissemination of its information or the payment of a ransom in cryptocurrency.

Aware since March

“We were aware that it was hacked at the end of March. We have not been able to determine if there was information that was compromised,” says Ivan Mosca, director of finance at Innotech-Execaire, a division of IMP Group Limited of Halifax.

The published data are not, however, difficult to find, and specialists were reporting on the hack at the end of June, notably on Facebook and Twitter.

Innotech has not responded to our detailed questions.

“We’re working with all the departments internally and agencies externally regarding this situation,” Innotech-Execaire president Michael Fedele said Monday.

He declined to say whether the company had filed a police complaint or notified its customers and employees that their personal details had leaked on the web.

At press time, the page on the Maze site displaying the information stolen from Innotech had received more than 1800 visits.

According to Ivan Mosca, the staff has not received a ransom demand. “Nobody contacted us,” he said.

“Generally, though, the Maze software displays a .txt file with the instructions for payment,” said Damien Bancal, director of cyberintelligence at 8Brains, who has been tracking computer hackers for the past twenty years.

It is difficult to explain why Innotech did not find this form of communication. “Either they haven’t seen it, or they accidentally deleted it,” he said.

If the hackers infiltrated a rarely used backup server, the firm may have struggled to find the ransom demand, said Patrick Mathieu, co-founder of Hackfest Québec, which brings together computer security specialists each year. “But in investigation mode, you’re supposed to find it…”

The Maze ransomware began striking in May 2019, according to the specialized literature. The authorities suspect that its designers rent the program out to other hackers, who use it for extortion.

“Maze claims three to five new victims per day,” said Damien Bancal. Among the latest are the printer manufacturer Xerox and LG Electronics.

To avoid falling into the trap, the specialists advocate vigilance above all.

“The majority of ransomware comes in through phishing,” said Patrick Mathieu. Someone clicks on a booby-trapped link. Hence the importance of never following links that appear in suspicious e-mails or text messages.

A mass of stolen data and secrets

The data already published by the hackers contain information on the aircraft and services of other companies under contract with Innotech-Execaire. The affected customers include the following companies:

  • Bombardier Aerospace;
  • the private aviation services firm Tag Aviation;
  • Jolina Aviation, a company owned by Jolina Capital, the conglomerate of the Saputo family;
  • Sobeys Capital, the conglomerate that owns the IGA supermarket chain;
  • Irving Oil.

The data also include internal audits detailing procedures to improve, and many technical details of aircraft such as:

  • the Global Express aircraft;
  • Bombardier's Challenger;
  • the Cessna Citation.

Our Bureau of Investigation was even able to see a bid made for the maintenance of a Challenger jet belonging to a company in the British Virgin Islands, a tax haven known for aircraft registration.

There are also presentations on the company's strategic direction.

The information also contains a mass of confidential data on Innotech employees:

  • the description of dozens of accidents that occurred up to 2017 in the Innotech workshops in Dorval, including the names of the workers involved;
  • thousands of e-mails that they exchanged among themselves up to 2012;
  • resignation letters;
  • questions regarding the expense accounts of some of them;
  • lists of training that employees have received.

The data also include information on Innotech's non-destructive testing techniques, advanced aircraft inspection methods used in the Dorval and Toronto workshops.

Another victim in Quebec

The restaurant equipment distributor Bazinet Taylor has also just fallen victim to the hackers of the Maze group.

As in the case of Innotech-Execaire, the criminals say they have released 5% of the stolen data on their site. Dozens of noted bank of montreal company for the years 2017 to 2020 to be found online.

The owner, Normand Chevanelle, said that he was “not aware” of the hacking.

“I have nothing to say and I wish you a very beautiful day,” he said before hanging up, even before our Bureau of Investigation had the opportunity to explain what it had found.

► Do you have information on IT security? Contact our journalist at hjoncas@protonmail.com or at 438 396-5546 (Signal cell).
