




















Threat actors have made claims that they breached British Airways, allegedly having stolen medical data as well as crew and pilot information.
In a post on its Telegram, the Infrastructure Destruction Squad claimed that they had breached to the servers and systems of British Airways, and gained access to “highly sensitive information” on medical servers.
“Through the hack access was gained to the Crew Portal where cabin crew and pilots log in to manage their schedules sick leave and personal information,” the threat actors wrote, adding that they breached the portal using a compromised account of an individual, which allowed them access to the admin control panel.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
“Sick leave data for flight crew was exposed including employee names such as ********, reasons for leave dates supervisor approvals and AI confidence levels used to evaluate request validity,” the threat group added.
It also claimed to have accessed an AI data analysis and knowledge management platform called Cognino AI 360, where the login page, email addresses and API keys for insurance and financial services were allegedly found.
“Sensitive medical data was exposed through the Cognino system where training files were found containing information about genetic diseases and health related files.”
It also said it had accessed sick leave data, automated workflow for supervisor approvals, data regarding a penetration testing tool, internal network structure data and more.
“The price is only 1000 US dollars for full access to all compromised systems including login credentials for the British Airways Crew Portal login credentials for the Cognino AI 360 Suit artificial intelligence API keys sensitive medical files flight crew schedules and employee personal information.”
The group also posted screenshots to back its claims, which show the alleged Crew Portal through the named user account, API servers, and Cognino 360.
In a later message, the group talked about its future plans, saying "let's come back stronger let's come back to destroy industrial systems, let's come back to leak data let's come back to sell ransomware let's come back to sell malware let's come back to create chaos!”
British Airways is yet to publicly acknowledge the claims. Cyber Daily has reached out to the airline for more information.
This is not the first time British Airways has been breached, having been caught up in the 2023 MOVEit supply chain attack that was conducted by the Cl0p ransomware gang.
It also suffered an incident in 2018 where the personal and financial data of roughly 400,000 customers was compromised, with the cyber attack attributed to Magecart, a loose-knit cyber crime syndicate featuring multiple groups. This was done using stolen credentials from an employee of third-party provider Swissport. Once in, the hackers found clear text credentials of an admin account.
Who is the Infrastructure Destruction Squad?
The group, also known as Dark Engine, is a pro-Russian hacktivist group, with a history of cyber attacks in Asia, Latin America, the EU, according to cyber firm Cyble.
Attack history includes critical infrastructure system disruption such as water treatment facilities, flood control mechanisms, Industrial Control Systems (ICS) and SCADA environments.
Want to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
Tags:
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。