In a post on its Telegram, the Infrastructure Destruction Squad claimed that it had breached the servers and systems of British Airways and gained access to “highly sensitive information” on medical servers.
“Through the hack, access was gained to the Crew Portal where cabin crew and pilots log in to manage their schedules, sick leave and personal information,” the threat actors said, adding that they breached the portal using the compromised account of an individual employee, which gave them access to the admin control panel.
“Sick leave data for flight crew was exposed, including employee names such as ********, reasons for leave, dates, supervisor approvals and AI confidence levels used to evaluate request validity,” the threat group added.
It also claimed to have accessed an AI data analysis and knowledge management platform called Cognino AI 360, where the login page, email addresses and API keys for insurance and financial services were allegedly found.
“Sensitive medical data was exposed through the Cognino system, where training files were found containing information about genetic diseases and health-related files,” it said.
It also said it had accessed sick leave data, automated workflow for supervisor approvals, data regarding a penetration-testing tool, internal network structure data and more.
“The price is only 1000 US dollars for full access to all compromised systems, including login credentials for the British Airways Crew Portal, login credentials for the Cognino AI 360 Suite artificial intelligence, API keys, sensitive medical files, flight crew schedules and employee personal information,” it said.
The group also posted screenshots to back its claims, showing the alleged Crew Portal as viewed through the compromised user account, API servers, and the Cognino 360 platform.
In a later message, the group talked about its future plans, saying: “Let’s come back stronger, let’s come back to destroy industrial systems, let’s come back to leak data, let’s come back to sell ransomware, let’s come back to sell malware, let’s come back to create chaos!”
British Airways is yet to publicly acknowledge the claims. Cyber Daily has reached out to the airline for more information.
This is not the first time British Airways has been breached, having been caught up in the 2023 MOVEit supply chain attack that was conducted by the Cl0p ransomware gang.
It also suffered an incident in 2018 in which the personal and financial data of roughly 400,000 customers was compromised, an attack attributed to Magecart, a loose-knit cyber crime syndicate made up of multiple groups. The attackers gained their initial foothold using stolen credentials belonging to an employee of third-party provider Swissport and, once inside, found the clear-text credentials of an admin account, which they used to escalate their access.
Who is the Infrastructure Destruction Squad?
The group, also known as Dark Engine, is a pro-Russian hacktivist group with a history of cyber attacks in Asia, Latin America and the EU, according to cyber security firm Cyble.
Its attack history includes the disruption of critical infrastructure, including water treatment facilities, flood control mechanisms, industrial control systems (ICS) and SCADA environments.