Data Extortion Groups Intensify Pressure On Global Aerospace Supply Chains

Cyber threats targeting the global aviation and aerospace sector are rapidly evolving, with ransomware, identity-based intrusions, and platform-level disruptions becoming dominant attack vectors. The interconnected nature of this ecosystem, combined with time-sensitive operations and complex third-party dependencies, makes it highly attractive to threat actors. Shared airport IT platforms represent critical single points of failure, as demonstrated by the September 2025 ransomware attack on Collins Aerospace MUSE system that disrupted major European airports including Heathrow, Brussels, Berlin, and Dublin. Major ransomware groups like LockBit and Cl0p maintain heavy focus on aviation suppliers, while advanced persistent threat groups including Refined Kitten, Wicked Panda, and Fancy Bear conduct strategic espionage targeting intellectual property, aircraft design data, and military aviation intelligence. Emerging threats include vulnerabilities in regional airports, aviation SaaS platforms, and satellite ...

Pulse ID: 69fb173ad966425db9cad018
Pulse Link: https://otx.alienvault.com/pulse/69fb173ad966425db9cad018
Pulse Author: AlienVault
Created: 2026-05-06 10:26:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cl0p #CyberSecurity #Espionage #Europe #Extortion #InfoSec #LockBit #Military #OTX #OpenThreatExchange #RAT #RansomWare #SupplyChain #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

LockBit 5.0 Escalating: From the Bank of Latin American Central Banks to European Logistics Firms

LockBit 5.0 (ChuongDong) strikes again in April 2026: victims include Bladex, the bank of Latin American central banks, and German logistics companies. Technical analysis of the new cross-platform payload with differential encryption, ETW patching and fileless persistence.

https://insicurezzadigitale.com/lockbit-5-0-in-escalation-dalla-banca-delle-banche-centrali-latinoamericane-alle-logistiche-europee/

Orange, Virginia outage preceded LockBit claim

Orange, Virginia offices closed for days in February before a March 5 LockBit post; officials have not confirmed a cyberattack.

DysruptionHub

Uptick in Bomgar RMM Exploitation

Since early April 2026, security researchers have observed a significant increase in attacks targeting Bomgar remote monitoring and management instances, exploiting CVE-2026-1731, a critical vulnerability disclosed in February. Threat actors have compromised Bomgar RMM to target downstream customers of MSPs and other service providers, affecting over 78 businesses in one incident alone. Attackers deploy LockBit ransomware, create privileged administrator accounts for persistence, install additional remote access tools like AnyDesk and ScreenConnect, and conduct domain reconnaissance. Some incidents involved attempts to disable security tools using BYOVD techniques. The attacks primarily target organizations running outdated Bomgar versions vulnerable to remote code execution, with compromised instances belonging to dental software companies and MSPs enabling widespread impact across their customer bases.

Pulse ID: 69e2bfe152d44136b3c83ec3
Pulse Link: https://otx.alienvault.com/pulse/69e2bfe152d44136b3c83ec3
Pulse Author: AlienVault
Created: 2026-04-17 23:18:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AnyDesk #CyberSecurity #InfoSec #LockBit #OTX #OpenThreatExchange #RAT #RansomWare #RemoteCodeExecution #ScreenConnect #Vulnerability #bot #AlienVault

📢 NCA director warns of the 'radicalisation' of young Britons into cybercrime
📝 ## 🏛️ Context

On 20 March 2026, Graeme Biggar, Director General of the **National Crime Agen...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-22-le-directeur-de-la-nca-alerte-sur-la-radicalisation-des-jeunes-britanniques-vers-la-cybercriminalite/
🌐 source : https://www.infosecurity-magazine.com/news/nca-boss-warns-teens-radicalized/
#Lapsus_ #LockBit #Cyberveille

🏛️ Context On 20 March 2026, Graeme Biggar, Director General of the UK's National Crime Agency (NCA), gave a speech at the launch of the agency's national strategic assessment. In it he warned of the growing convergence of forms of online crime. 🎯 Key points of the speech Biggar described how the same toxic online spaces and algorithms are turning teenagers into cybercriminals, sex offenders and terrorists. He stressed that technology is no longer merely a tool for criminals but is reshaping crime itself by accelerating and globalising it.

CyberVeille

#Schuldigitalisierung (school digitalization) without #Cybersecurity: at the end of January 2025, an offshoot of the #Lockbit #Ransomware attacked the Rhineland-Palatinate IT service provider Topackt and encrypted 45 servers. More than two terabytes of highly sensitive school data from more than 40 schools ultimately ended up on the #Darknet.

Schools and municipal institutions are still largely left to fend for themselves by the federal states when it comes to digital resilience (#Resilienz), yet they are expected to digitalize on a massive scale:

https://www.speyer.de/de/rathaus/medieninformationen/aktuelle-informationen/stadt-speyer-prueft-situation-nach-datenveroeffentlichung-aus-hackerangriff/

Thanks to samples provided by @pinkflawd you can now look at the beauty of #Lockbit's obfuscated control-flow via @cfgbot by @tmr232

RE: https://mastodon.social/@cfgbot/116202847162981925

🇨🇱 LockBit 5.0 has now published all the information from Clínica Dávila (http://davila.cl). Remember that this medical institution was attacked by the Devman ransomware back in December last year. It appears that Devman sold a portion of the data to LockBit.

Now the question that arises: Has Clínica Dávila individually notified each patient about the attack it suffered from Devman back in December last year?

https://www.security-chu.com/2026/03/lockbit-filtra-los-datos-de-la-clinica-davila.html

#cybersecurity #ransomware #Chile #databreach #health #healthcare #lockbit #devman #research

LockBit ransomware via Apache ActiveMQ vulnerability: attack in two waves

An unpatched Apache ActiveMQ server became the entry point for a multi-stage ransomware attack that stretched over almost 19 days

https://www.all-about-security.de/lockbit-ransomware-ueber-apache-activemq-luecke-angriff-in-zwei-wellen/

#LockBit #ransomware #apache

CVE-2023-46604 gave attackers access to an ActiveMQ server twice; in the end, LockBit ransomware was deployed.

All About Security: the online magazine for cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security