Cyber ​​Security | An air combat training provider is attacked

Hackers say they stole data from a Quebec company that has raised hundreds of millions of dollars in contracts to train pilots for Canadian, US and allied forces. They threaten to publish them on the hidden web on May 15 (dark web).

Posted at 2:21 p.m

Hugo Joncas

Hugo Joncas
The press

Hacker gang Lockbit 2.0 claims on their blog to have stolen 44 gigabytes of information from Top Aces and is threatening to release it on the evening of May 15th.

Top Aces multiplies combat training contracts with the Canadian, American and German Armies.

However, the Dorval company says it is still looking for signs of the break-in. “We’re doing business with an outside company to help us with that,” spokeswoman Erin Black said.

According to our information, its American subsidiary has filed a complaint with the FBI.

Erin Black clarifies that the company has not identified a ransom demand. Lockbit is a ransomware hacking gang that usually encrypts their target’s data after stealing it. At the same time, he makes a payment request on the affected server to restore access to the information.

Largest private combat fleet

Founded in 2000 by ex-military pilots, Top Aces provides combat training services. The company claims to have the largest private fleet of fighter jets.

In 2019, the US Air Force awarded top aces part of a $6.4 billion contract to train their pilots in combat at 12 bases. For these exercises, which include mock operations against the Russian army, the company bought a fleet of 29 used F-16 aircraft from Israel.

In 2017, Top Aces also secured a $480 million contract with Canadian National Defense for combat training services. The renewable contract could reach a total value of 1.4 billion by 2031.

The Caisse de Depot et Placement du Québec is a major shareholder of the company. Its latest annual report values ​​its private placement with the holding company that owns Top Aces at between $50 million and $100 million.

The Canadian Forces are unable to determine the impact of the cyber attack on the security of their data and operations.

“We are not sure if there is an impact and if the leak contains information that belongs to us,” said army spokesman Daniel Le Bouthillier. We check with our IT people. »

He believes Top Aces likely leaked little sensitive information.

Probably because of the money

In a statement last February, LockBit hackers stated that “most” of its members are citizens of the former USSR states, “like Russians and Ukrainians.” However, the gang added that their programmers also hail from China, the United States, Canada and Switzerland.


IMAGE FROM THE LOCKBIT 2.0 PAGE ON THE HIDDEN WEB

Lockbit 2.0 hackers say they stole 44GB of data from Top Aces and are threatening to release it any day.

A cybersecurity expert consulted by La Presse believes the hacking likely has nothing to do with the war in Ukraine.

“There is no reason to believe that LockBit’s attacks are motivated by anything other than money,” said Brett Callow, cyber threat analyst at antivirus firm Emsisoft. That’s not to say the stolen data won’t end up in the hands of other actors, potentially including hostile governments. »

In February, LockBit said it was “apolitical” and pledged “under no circumstances” to engage in attacks on critical infrastructure or international conflicts.

One of the biggest hacker gangs

The gang, which has been active since mid-2019, is now one of the most active in the world. According to his blog’s page on the hidden web he visited The presshowever, only a few large organizations are among its victims.

Like most hacker groups, ransomware developers deal with “partners” who use their program to infiltrate their targets’ networks, steal their data and encrypt them. They then demand a ransom to regain access.

Security measures sometimes manage to block cybercriminals before the data is destroyed, without being able to prevent theft. In such cases, the victims of the leak are unaware until the ransom demands make their wrongdoing public, as they just did on their blog.

Leave a Comment