Through its subcontractors, Airbus has been the target of four cyber-attacks during the last year. Several security sources investigating the matter suspect that the attacks may have been Chinese industrial espionage operations.

According to concordant sources of the news agency AFP, the cyberattacks targeted the British engine manufacturer Rolls-Royce, the French technology consulting group Expleo, and “two French Airbus subcontractors that AFP has not identified”.

The hackers would have used virtual private network (VPN) connections. Suppliers use VPN to access Airbus’ sensitive data. The hackers were mainly after technical certification sheets of different Airbus components, as well as specific information regarding the engines powering the A400M Atlas tanker and the A350 wide-body commercial airliner.

While security sources of the AFP did not give a definitive origin for the attacks, some believe that a group of hackers linked to the Chinese Communist Party, known as APT10, could be behind them. Conjointly with Russia, China is currently developing a wide-body aircraft known as the CR929 destined to compete, among others, with the A350.

AeroTime has reached out to Airbus for comment but did not receive an answer at the time this article was published.

In January 2019, Airbus was already targeted, this time directly, on two of its British sites, Broughton and Filton. The latter houses some of Airbus wings, fuel systems and landing gear design, engineering and support, including for the A400M.

Hacking is not the only method of industrial espionage. On September 24, 2019, an engineer of the French defense and aerospace company Thales saw his work laptop and a notepad being stolen in what seemed like a targeted break-in into a hotel room in Maurepas, near Versailles. According to a police source, the laptop contained “sensitive data encrypted for military purposes,” while the notepad mainly contained written transcripts of work meetings.

On October 19, 2018, Bombardier filed an official complaint in a U.S. court against Mitsubishi Aircraft, accusing the Japanese company of illegally acquiring some secret documents by hiring former employees of the Canadian plane maker. Mitsubishi was accused of stealing information that would help accelerate the certification process for the MRJ, of which development has been delayed for seven years. Eventually, the prosecution was dropped after Bombardier sold its CRJ program to Mitsubishi.