DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Pierluigi Paganini April 10, 2020

DoppelPaymer hackers leaked online internal confidential documents belonging to some of the largest aerospace companies in the world.

The gang behind the DoppelPaymer ransomware has stolen internal confidential documents belonging to some of the largest aerospace companies in the world from the industrial contractor Visser Precision.

Visser Precision is a parts maker for many companies in several industries, including aerospace, automotive, industrial and manufacturing.

Early March, the company disclosed a ransomware attack that might have exposed data related to multiple business partners, including Tesla, SpaceX, Boeing and Lockheed Martin.

The hackers published the stolen data because the victim refused to pay the ransom.

The huge trove of data includes sensitive documents related to military equipment designed by Lockheed-Martin (i.e. an antenna in an anti-mortar defense system), billing and payment forms, supplier information, data analysis reports, and legal paperwork. Some documents provide details about the SpaceX’s manufacturing partner program.

The DoppelPaymer gang uploaded a portion of the stolen documents to a website that is publicly accessible.

According to TechCrunch that reported the news in March, a Lockheed Martin spokesperson said the company is “aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain.”

The same answer was provided by the company to El Reg that asked about the dump.

“Lockheed Martin has made and continues to make significant investments in cybersecurity, and uses industry-leading information security practices to protect sensitive information. This includes providing guidance to our suppliers, when appropriate, to assist them in enhancing their cybersecurity posture.” reads the statement published by El Reg.

Visser Precision did not respond to a request for comment on the recent data leak. Other companies impacted by the security incident did not provide any official communication.

DoppelPayer appeared in the threat landscape in July 2019, experts believe that some members of TA505 cybercrime gang left the group and forked the source code of both Dridex and BitPaymer to develop the ransomware.

The DoppelPaymer crew already shared stolen confidential data after other victims failed to pay the ransom demands.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – DoppelPaymer ransomware, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment