A Canadian military contractor has acknowledged suffering a ransomware attack.
In a statement to ITWorldCanada.com, CMC Electronics said an unauthorized third-party had gained access to its computer network on May 31st and disrupted operations with a ransom demand.
“We proactively took steps to shut down our network to protect our systems and data,” the statement says. “At this stage, we are confident that we have successfully contained the incident. We immediately launched an investigation with the assistance of outside cybersecurity experts, including leading forensics specialists, and have also reported the incident to relevant authorities. CMC takes the security of our systems and our customers’ data extremely seriously, and we regret any concern or inconvenience this incident may cause.”
Asked if data was encrypted or copied by the attacker, a company spokesperson said the firm will not go beyond the statement.
On May 31st, the AlphV ransomware group listed CMC Electronics as a victim on its data leak site.
Global News said the Canadian Department of National Defence confirmed Tuesday that CMC Electronics recently told Ottawa it has suffered a cyber incident. The company makes cockpit systems integration, avionics, display solutions, and high-performance microelectronics for military and commercial aircraft. In May it said it had been selected to supply the avionics and software applications for the Royal Canadian Air Force’s new Calidus B-250 turboprop light attack combat and training aircraft.
According to the FBI, AlphV, also called BlackCat, had compromised at least 60 organizations worldwide as of March.
Brett Callow, a B.C.-based threat researcher at Emsisoft, said AlphV is a rebrand of BlackMatter, which was a rebrand of Darkside. The Darkside ransomware strain was used in the 2021 attack on Colonial Pipeline in the U.S.
The attack on CMC Electronics shows the danger of the continuously evolving and rebranding ransomware actors, said Max Heinemeyer, vice-president of cyber innovation at Darktrace. “These cyber-criminals continue to avoid accountability by changing their names and form while relying on the resources of other pre-existing ransomware gangs to perpetrate increasingly damaging and complex attacks.
For targeted organizations, visibility into the digital infrastructure can be the difference between allowing threat actors to lie in wait, accessing extremely sensitive data, and halting an attack before it even begins, he said.
“While government agencies and major corporations have improved their automation over the years, adopting and advancing AI technologies will be essential for these organizations to gain the critical visibility they need to mitigate dangerous, machine-speed attacks in real-time. Governments and businesses need to invest in cybersecurity to protect their global supply chains and sensitive data before attackers can access them.”
(This story has been changed from the original with the addition of a statement from CMC Electronics to clarify the attack was not on CMC”s parent company)
