The BianLian extortion group has claimed responsibility for the recent Air Canada data breach. According to the group, it stole 210 gigabytes of data after breaching Air Canada’s network.
The affected entity is one of Canada’s largest airlines and one of the founding members of Star Alliance.
Last month, the airline issued a statement explaining that the incident had only affected limited personal information of some employees and certain records. The attackers, however, now claim that the stolen documents contain far more extensive information.
As proof, the attackers posted screenshots of the stolen data on their dark web leak site, along with a detailed description of what they acquired from the airline’s network.
The BianLian extortion group has also warned Air Canada how far it is willing to go if the airline does not cooperate.
According to reports, the BianLian extortion group told Air Canada that it had exfiltrated technical and operational data spanning 2008 to 2023, including details of the company’s technical and security challenges, SQL backups, personal information of employees, data on vendors and suppliers, confidential documents, and archives from company databases.
In addition, the cybercriminal group noted that although it acquired employee personal data, this is only a tiny portion of the overall information obtained during the breach.
The attackers also stated that they acquired SQL databases detailing the company’s technical and security issues, and urged the company to review the files in a demo package they created to back up their claims.
BianLian is a ransomware group that has targeted critical infrastructure organisations in the U.S. and Australia since June last year. These miscreants shifted from a ransomware gang to an extortion-only group in January 2023 after researchers released a decryptor for their ransomware.
For its part, Air Canada acknowledged that it was aware of BianLian’s extortion threats but did not confirm the group’s claim to be behind the breach. The Canadian airline has also yet to disclose how many employees were affected, when the breach occurred, or when it was detected.
Air Canada has already warned some of its customers in emails sent earlier this month. The emails advise recipients to enable SMS-based multi-factor authentication on their Aeroplan accounts and to use strong passwords to defend against credential stuffing and password spraying attacks.