cyberattack

Getty Images

Evtec

‘Toothless support’

DEVELOPING STORYDEVELOPING STORY,

Heathrow, Brussels and Berlin airports among major European hubs confirming disruptions as a result of the attack.

A cyberattack targeting check-in and boarding systems has disrupted air traffic and caused delays at major airports across Europe.

Some operations at a number of airports, including London’s Heathrow, were taken offline on Saturday after a service provider’s software was hit in the attack.

Recommended Stories

list of 3 itemsend of list

Heathrow airport, the United Kingdom’s largest and one of the busiest internationally, said Collins Aerospace, which provides check-in and boarding systems for several airlines across multiple airports globally, “is experiencing a technical issue that may cause delays for departing passengers”.

“While the provider works to resolve the problem quickly, we advise passengers to check their flight status with their airline before travelling,” it said.

Collins Aerospace is a major aerospace and military company based in the United States, and a subsidiary of weaponsmaker RTX Corporation – formerly Raytheon Technologies. RTX said it was aware of a “cyber-related disruption” to its software in select airports, without naming them.

“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” the company said in a statement, adding that it was working to fix the issue as quickly as possible.

Brussels and Berlin airports separately confirmed they were also affected by the attack, which rendered automated systems inoperable, allowing only manual check-in and boarding procedures.

“This has a large impact on the flight schedule and will unfortunately cause delays and cancellations of flights,” Brussels airport said, adding that the cyberattack occurred on Friday night.

“Due to a technical issue at a system provider … there are longer waiting times at check-in. We are working on a quick solution,” Berlin airport said in a banner on its website.

Frankfurt airport, Germany’s largest, was not affected, a spokesperson said. An official from the operations control centre at Zurich airport also said it had not been affected.

The Paris Charles de Gaulle airport, also known as Roissy, along with Orly and Le Bourget airports in the Paris area, reported no disruptions.

No group, individual, or state actor has claimed responsibility for the cyberattack, and a motive is yet to be confirmed. There has been no confirmed instance of data theft related to the attack.

The Shadowserver Foundation and Eye Security would not disclose which firms were affected.

A sweeping cyber espionage operation targeting Microsoft server software has compromised about 100 different organisations over the weekend.

Two of the organisations that helped uncover the attack announced their findings on Monday.

On Saturday, Microsoft issued an alert about “active attacks” on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate within others. SharePoint instances run off of Microsoft servers were unaffected.

Dubbed a “zero-day” because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.

Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.

“It’s unambiguous,” Bernard said. “Who knows what other adversaries have done since to place other backdoors.”

He declined to identify the affected organisations, saying that the relevant national authorities had been notified.

The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organisations.

Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.

“It’s possible that this will quickly change,” said Rafe Pilling, director of threat intelligence at Sophos, a British cybersecurity firm.

A Microsoft spokesperson said in an emailed statement that it had “provided security updates and encourages customers to install them”.

It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain’s National Cyber Security Centre said in a statement that it was aware of “a limited number” of targets in the United Kingdom. A researcher tracking the hacks said that the campaign appeared initially aimed at a narrow set of government-related organisations.

Potential targets

The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, more than 8,000 servers online could theoretically have already been compromised by hackers.

Those servers include major industrial firms, banks, auditors, healthcare companies and several US state-level and international government entities.

“The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,” said Daniel Card of British cybersecurity consultancy, PwnDefend.

“Taking an assumed breach approach is wise, and it’s also important to understand that just applying the patch isn’t all that is required here.”

On Wall Street, Microsoft’s stock is about even with the market open as of 3pm in New York (19:00 GMT), up by only 0.06 percent, and has gone up more than 1.5 percent over the last five days of trading.

Half a decade ago, shoppers were met with long lines, empty shelves, food and water shortages due to the coronavirus pandemic at the Whole Foods Market in downtown Los Angeles in 2020. Now the company is dealing with similar problems because of a cyberattack on a distributor. File Photo by Jim Ruymen/UPI | License Photo

June 12 (UPI) — A cyberattack has crippled distribution channels for one of the nation’s top organic food distributors, leading to empty shelves at grocery stores nationwide.

Rhode-Island-based United Natural Foods Inc., a major supplier to Whole Foods, became aware of the attack on June 5th, a filing with the Securities and Exchange Commission said. UNFI said the breach affected its ability to fulfill customer orders.

“It’s affecting operations in a very, very significant way,” an employee at a Sacramento Whole Foods told NBC News. “Shelves don’t even have products in some places. The shipments we receive are not what we need, or we did need it but it’s too much of one product because UNFI can’t communicate with stores to get proper orders.”

A spokesperson for Whole Foods apologized and said the company is working to restock the shelves as quickly as it can. In a statement, UNFI acknowledged the ransomware attack.

“We have identified unauthorized activity in our systems and have proactively taken some systems offline while we investigate,” UNFI said in the statement. “As soon as we discovered the activity, an investigation was initiated with the help of leading forensics experts and we have notified law enforcement. We are assessing the unauthorized activity and working to restore our systems to safely barring them back online.”

UNFI said it is working closely to keep its customers updated amid the confusion and distribution disruptions.

At a quarterly earnings meeting Tuesday, UNFI CEO Sandy Douglas told investors that it is supplying customers on a “limited basis.”

“We are partnering with customers across the country and across our formats in various short term modes to serve their needs as best we possibly can,” he said. “Any way that we can help them with their needs, we’re doing.”

Douglas said the company is working with the FBI and other authorities to track the source of the breach and why UNFI’s security systems failed.

The UNFI security breach comes amid a series of cyberattacks on retailers in recent weeks that have crippled the operations of several high profile retailers with ransomware.

A Chinese national flag flies in front of a new, modern business complex in Beijing on August 15, 2013. China’s construction boom could be stalling out, according to Societe Generale, which sounded a warning last week that recent softening in demand for cement and earth-moving equipment could be an early warning sign. UPI/Stephen Shaver | License Photo

May 28 (UPI) — The Czech Republic accused China on Wednesday of being responsible for a “malicious cyber campaign” that targeted an unclassified network of the foreign ministry.

Little information about the cyberattack was made public, the Czech government said it began in 2022, affected an institution designated as Czech critical infrastructure and that it was perpetrated by well-known China-backed hackers APT31.

“The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure,” the Czech foreign affairs ministry said in a statement.

“Such behavior undermines the credibility of the People’s Republic of China and contradicts its public declarations.”

APT31, which stands for Advanced Persistent Threat Group 31, is a collection of China state-sponsored intelligence officers, contract hackers and support staff that conduct cyberattacks on behalf of the Chinese government.

Seven Chinese nationals were charged in the United States in late March for their involvement in APT31, which federal prosecutors said has targeted U.S. and foreign critics of the Chinese government, business, and political officials over the last 14 years.

The Czech government said Wednesday it tied APT31 to the cyberattack through an “extensive investigation,” which “led to a high degree of certainty about the responsible actor.”

“The Government of the Czech Republic has identified the People’s Republic of China as being responsible,” it said.

NATO and the European Union — both of which Czech is a member of — were quick to condemn China following Prague’s revelation.

“We stand in solidarity with the Czech Republic following the malicious cyber campaign against its Ministry of Foreign Affairs,” the security alliance said in a statement.

NATO did not blame China but acknowledged the Czechs’ accusation of Beijing for the attack and said that it has observed “with increasing concern the growing pattern of malicious cyber activities stemming from the People’s Republic of China.”

Similarly, the EU did not directly point the finger at China for the attack on the Czech Republic, but said there have been cyberattacks linked to Beijing targeting EU and its member stats.

“In 2021, we urged Chinese authorities to take action against malicious cyber activities undertaken from their territories. Since then, several Member States have attributed similar activities at their national level,” the EU’s high representative, Kaja Kallas, said in a statement.

“We have repeatedly raised our concerns during bilateral engagements and we will continue to do so in the future.”

Disruption from the ‘highly sophisticated and targeted cyber attack’, first reported around Easter weekend, continues.

British retailer Marks & Spencer estimates that a cyberattack that stopped it from processing online orders and left store shelves empty will cost it about 300 million pounds ($403m).

The company said in a business update (PDF) on Wednesday that disruption from the “highly sophisticated and targeted cyber attack,” which was first reported around the Easter weekend, is expected to continue until July.

Online sales of food, home and beauty products have been “heavily impacted” because the company, popularly known as M&S, had to pause online shopping.

The attack on one of the biggest names on the United Kingdom high street forced M&S to resort to pen and paper to move billions of pounds of fresh food, drinks and clothing after it switched off its automated stock systems.

That led to bare food shelves and frustrated customers, denting profits.

A month on, M&S’s large online clothing service remains offline, and the attack has wiped more than a billion pounds off its stock market value.

Chairman Archie Norman said the timing of the attack was unfortunate as M&S, which has been implementing a comprehensive turnaround plan since 2022, had been starting to show its full potential.

“But in business life, just as you think you’re onto a good streak, events have a way of putting you on your backside,” he said.

M&S, which has 65,000 staff and 565 stores, said the hack would cost about 300 million pounds ($403m) in lost operating profit in its year to March 2026, although it hopes to halve that impact through insurance, cost control and other actions.

Chief executive Stuart Machin said the company is focused on recovery and restoring its systems and operations.

“This incident is a bump in the road, and we will come out of this in better shape,” Machin said. He did not provide any details on the attack or who might be behind it.

Earlier this month, the company said customer personal data, which could have included names, emails, addresses and dates of birth, was taken by hackers in the attack.

Two other British retailers, luxury London department store Harrods and supermarket chain Co-op, have also been targeted by cyberattacks at around the same time.