{ "id": "5751b554-f180-421e-a5ab-cfe93b581728", "created_at": "2026-04-06T00:22:20.957441Z", "updated_at": "2026-04-10T13:11:58.848448Z", "deleted_at": null, "sha1_hash": "8edeed36b3334b8b0dbef57975bc98298a5088c8", "title": "Airbus cyber attack believed to have been conducted by hackers in China", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 4019508, "plain_text": "Airbus cyber attack believed to have been conducted by hackers in\r\nChina\r\nBy Julie Delahaye\r\nPublished: 2019-02-05 · Archived: 2026-04-05 17:26:34 UTC\r\nAirbus' cyber attack in January was the work of hackers in China according to\r\nsources close to the manufacturer\r\nThe Airbus 380 in Toulouse\r\nNews\r\nPolitics\r\nFootball\r\nCelebs\r\nTV\r\nShopping\r\nRoyals\r\n13:39, 5 Feb 2019\r\nUpdated14:21, 5 Feb 2019\r\nHackers in China are believed to be behind a cyber attack against Airbus which occurred earlier this year.\r\nAirbus revealed in January that it had 'detected a cyber incident' on its Commercial Aircraft Business information\r\nsystems - although the company says that it had no impact on its commercial activities.\r\nPowered by\r\nThe company explained that it was holding investigations to understand if \"any specific data was targeted\"\r\nalthough admitted that the hackers had obtained access to some personal data accessed, mainly the \"professional\r\ncontact and IT identification details\" of some Airbus employees in Europe.\r\nAt the time the company announced it would be reinforcing its existing security measures, while also investigating\r\nwhat had happened and trying to determine who was responsible for the breach.\r\nhttps://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680\r\nPage 1 of 4\n\nAirbus' assembly line in Toulouse (\r\nImage:\r\nReuters)\r\nNow according to French publication Challenges , sources close to the manufacturer say that a group of hackers\r\noperating from China were the ones to target the company's information systems.\r\nPowered by\r\nThere is speculation that hackers group APT10 is behind the cyber attack.\r\nThe hacking attempt is believed to have been in a bid to try and gain access to technical documents relating to\r\nEuropean aircraft.\r\nA source told Challenges: \"The pattern of attack is very close to those of the APT 10 group, it is probably even\r\nmore complex and sophisticated than what we observed so far.\"\r\nMORE ON\r\nhttps://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680\r\nPage 2 of 4\n\nInvalid EmailSomething went wrong, please try again later.\r\nWe use your sign-up to provide content in ways you’ve consented to and improve our understanding of you. This\r\nmay include adverts from us and third parties based on our knowledge of you. More info\r\nThank you for subscribingWe have more newslettersShow me\r\nYou can find this story in  My Bookmarks.Or by navigating to the user icon in the top right.\r\nhttps://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680\r\nPage 3 of 4\n\nSource: https://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680\r\nhttps://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680" ], "report_names": [ "breaking-airbus-cyber-attack-believed-13955680" ], "threat_actors": [ { "id": "ec14074c-8517-40e1-b4d7-3897f1254487", "created_at": "2023-01-06T13:46:38.300905Z", "updated_at": "2026-04-10T02:00:02.918468Z", "deleted_at": null, "main_name": "APT10", "aliases": [ "Red Apollo", "HOGFISH", "BRONZE RIVERSIDE", "G0045", "TA429", "Purple Typhoon", "STONE PANDA", "Menupass Team", "happyyongzi", "CVNX", "Cloud Hopper", "ATK41", "Granite Taurus", "POTASSIUM" ], "source_name": "MISPGALAXY:APT10", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "ba9fa308-a29a-4928-9c06-73aafec7624c", "created_at": "2024-05-01T02:03:07.981061Z", "updated_at": "2026-04-10T02:00:03.750803Z", "deleted_at": null, "main_name": "BRONZE RIVERSIDE", "aliases": [ "APT10 ", "CTG-5938 ", "CVNX ", "Hogfish ", "MenuPass ", "MirrorFace ", "POTASSIUM ", "Purple Typhoon ", "Red Apollo ", "Stone Panda " ], "source_name": "Secureworks:BRONZE RIVERSIDE", "tools": [ "ANEL", "AsyncRAT", "ChChes", "Cobalt Strike", "HiddenFace", "LODEINFO", "PlugX", "PoisonIvy", "QuasarRAT", "QuasarRAT Loader", "RedLeaves" ], "source_id": "Secureworks", "reports": null }, { "id": "04b07437-41bb-4126-bcbb-def16f19d7c6", "created_at": "2022-10-25T16:07:24.232628Z", "updated_at": "2026-04-10T02:00:04.906097Z", "deleted_at": null, "main_name": "Stone Panda", "aliases": [ "APT 10", "ATK 41", "Bronze Riverside", "CTG-5938", "CVNX", "Cuckoo Spear", "Earth Kasha", "G0045", "G0093", "Granite Taurus", "Happyyongzi", "Hogfish", "ITG01", "Operation A41APT", "Operation Cache Panda", "Operation ChessMaster", "Operation Cloud Hopper", "Operation Cuckoo Spear", "Operation New Battle", "Operation Soft Cell", "Operation TradeSecret", "Potassium", "Purple Typhoon", "Red Apollo", "Stone Panda", "TA429", "menuPass", "menuPass Team" ], "source_name": "ETDA:Stone Panda", "tools": [ "Agent.dhwf", "Agentemis", "Anel", "AngryRebel", "BKDR_EVILOGE", "BKDR_HGDER", "BKDR_NVICM", "BUGJUICE", "CHINACHOPPER", "ChChes", "China Chopper", "Chymine", "CinaRAT", "Cobalt Strike", "CobaltStrike", "DARKTOWN", "DESLoader", "DILLJUICE", "DILLWEED", "Darkmoon", "DelfsCake", "Derusbi", "Destroy RAT", "DestroyRAT", "Ecipekac", "Emdivi", "EvilGrab", "EvilGrab RAT", "FYAnti", "Farfli", "Gen:Trojan.Heur.PT", "Gh0st RAT", "Ghost RAT", "GreetCake", "HAYMAKER", "HEAVYHAND", "HEAVYPOT", "HTran", "HUC Packet Transmit Tool", "Ham Backdoor", "HiddenFace", "Impacket", "Invoke the Hash", "KABOB", "Kaba", "Korplug", "LODEINFO", "LOLBAS", "LOLBins", "Living off the Land", "MiS-Type", "Mimikatz", "Moudour", "Mydoor", "NBTscan", "NOOPDOOR", "Newsripper", "P8RAT", "PCRat", "PlugX", "Poison Ivy", "Poldat", "PowerSploit", "PowerView", "PsExec", "PsList", "Quarks PwDump", "Quasar RAT", "QuasarRAT", "RedDelta", "RedLeaves", "Rubeus", "SNUGRIDE", "SPIVY", "SharpSploit", "SigLoader", "SinoChopper", "SodaMaster", "Sogu", "TIGERPLUG", "TVT", "Thoper", "Trochilus RAT", "UpperCut", "Vidgrab", "WinRAR", "WmiExec", "Wmonder", "Xamtrav", "Yggdrasil", "Zlib", "certutil", "certutil.exe", "cobeacon", "dfls", "lena", "nbtscan", "pivy", "poisonivy", "pwdump" ], "source_id": "ETDA", "reports": null }, { "id": "ba3fff0c-3ba0-4855-9eeb-1af9ee18136a", "created_at": "2022-10-25T15:50:23.298889Z", "updated_at": "2026-04-10T02:00:05.316886Z", "deleted_at": null, "main_name": "menuPass", "aliases": [ "menuPass", "POTASSIUM", "Stone Panda", "APT10", "Red Apollo", "CVNX", "HOGFISH", "BRONZE RIVERSIDE" ], "source_name": "MITRE:menuPass", "tools": [ "certutil", "FYAnti", "UPPERCUT", "SNUGRIDE", "P8RAT", "RedLeaves", "SodaMaster", "pwdump", "Mimikatz", "PlugX", "PowerSploit", "ChChes", "cmd", "QuasarRAT", "AdFind", "Cobalt Strike", "PoisonIvy", "EvilGrab", "esentutl", "Impacket", "Ecipekac", "PsExec", "HUI Loader" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434940, "ts_updated_at": 1775826718, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/8edeed36b3334b8b0dbef57975bc98298a5088c8.pdf", "text": "https://archive.orkl.eu/8edeed36b3334b8b0dbef57975bc98298a5088c8.txt", "img": "https://archive.orkl.eu/8edeed36b3334b8b0dbef57975bc98298a5088c8.jpg" } }