Crooks steal over $50 million from aircraft systems manufacturer FACC

The Austrian engineering firm FACC which designs Airbus, Boeing aero parts was victim of a significant cyber attack.

I always remark the importance of cyber security in a business context, a proper cyber security posture is important like the finances of a company.

A cyber security incident could have serious effects on the business continuity of any company and a significant financial impact.

Today I desire to report you the case of the Austrian company FACC, which design and manufacture components for aircraft and aircraft engine manufacturers, including Airbus and Boeing. Aviation industry is a privileged target for hackers that are interested in the intellectual property of many companies in the sector.

Hackers who targeted the FACC managed to steal roughly 50 million euros as confirmed in the official statement issued by the company on January 19th:

“Today, it became evident that FACC AG has become a victim of a crime act using communication- an information technologies. The management board has immediately involved the Austrian Criminal Investigation Department and engaged a forensic investigation. The correct amount of damage is under review. The damage can amount to roughly EUR 50 million. The cyberattack activities were executed from outside of the company.”

A subsequent update issued by FACC AG  offered more details of the cyber attack and confirmed the losses of more than 50 million euros. The experts at the company  confirmed that the cyber attack was launched from outside and involved communication and information technologies.

According to the company, the operational business was not affected by the cyber attack.

“2016 FACC AG announced that it became a victim of fraudulent activities involving communication- an information technologies. To the current state of the forensic and criminal investigations, the financial accounting department of FACC Operations GmbH was the target of cyber fraud” states the FACC.

“FACC’s IT infrastructure, data security, IP rights as well as the operational business of the group are not affected by the criminal activities. The damage is an outflow of approx. EUR 50 mio of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims.”

According to the experts and analyzing the official statement published by the company, threat actors conducted a Business Email Compromise (BEC) scam against the internal personnel.

Exactly one year ago IC3 and FBI warned about a significant increase of cases related to Business Email Compromise, nearly 2,000 individuals were victims of a wire payment scam.

The Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Formerly known as the Man-in-the-E-mail Scam, the BEC was renamed to focus on the “business angle” of this scam and to avoid confusion with another unrelated scam.” reports the statement.

The fraud scheme is very simple, busy employees received a request to transfer funds by representatives of high management of their company.

It is clear that businesses and personnel using open source e-mail are most targeted by Business Email Compromise, in many cases the criminals spoofed e-mails of individuals within enterprises who are entitled to submit such payment requests.

Individuals responsible for handling wire transfers within a specific companies are privileged targets of criminals which compose well-worded e-mail requests for a wire transfer.

The attacker behind Business Email Compromise scams shows a deep knowledge of their victims, their requests are proportional to the economic capabilities of the target and of the specific individual used as the sender of the request. The criminals sent e-mails concurrently with business travel dates for executives whose e-mails were spoofed.

Be careful!

Pierluigi Paganini

(Security Affairs – Business Email Compromise, cyber attack)