Summary: The aviation sector is under increased cyber threat, illustrated by recent attacks on the International Civil Aviation Organization (ICAO) and the Arab Civil Aviation Organization (ACAO). The ICAO experienced a significant data breach involving the leak of 42,000 documents, primarily containing recruitment-related personal information. Meanwhile, the ACAO faced an attack through a SQL injection vulnerability, compromising sensitive records of aviation safety specialists.
Affected: International Civil Aviation Organization (ICAO), Arab Civil Aviation Organization (ACAO)
Keypoints :
- ICAO confirmed a data breach involving sensitive recruitment-related information, including personal details of employees and applicants.
- ACAO was targeted using a SQL injection attack, leading to the exfiltration of employee credentials and sensitive information on aviation safety experts.
- The nature of these attacks suggests involvement of state-sponsored actors aiming to acquire sensitive information for espionage purposes.
Source: https://securityonline.info/cyberespionage-targets-aviation-icao-and-acao-breached/