do son 
Source: Resecurity
The aviation industry is facing a growing cyber threat, with recent attacks targeting the International Civil Aviation Organization (ICAO) and the Arab Civil Aviation Organization (ACAO). These incidents, brought to light by the Resecurity cyber threat intelligence (CTI) team.
The ICAO, a specialized agency of the United Nations responsible for international air transport standards, suffered a significant data breach in January 2025. An individual claimed to have accessed 42,000 documents from ICAO, including personal information (PII) of employees and applicants.
While ICAO initially confirmed the breach and stated they were “actively investigating,” they later clarified that the compromised data primarily included recruitment-related information such as names, email addresses, dates of birth, and employment history.
Shortly after the ICAO incident, Resecurity discovered that threat actors had also targeted the ACAO. In this case, attackers exploited a SQL injection vulnerability in a web application to exfiltrate records of staff members and their credentials.
The stolen data included information on Safety Aviation Specialists and Incident Investigators. This is particularly concerning as these individuals possess valuable knowledge and insights into aviation safety systems and protocols.
The targeting of aviation safety experts suggests a strategic interest in acquiring sensitive information that could be used for espionage or to disrupt operations. The Resecurity report highlights that traditional cybercriminals would likely not be interested in this data due to the low probability of monetization.
Instead, the attacks are likely carried out by state-sponsored actors or those seeking to sell the information to such entities. “Considering the tight timing of the recently disclosed ICAO incident, such a trend of targeting (international aviation organizations) is concerning,” the report states.
Related Posts:
- Sticky Werewolf Targets Aviation Sector in Latest Malicious Campaign
- Next-generation aircraft ID systems are vulnerable to hacking
- North Korean Hackers Exploit Old Office Flaw to Deploy Keylogger
- US Organization in China Falls Victim to Suspected Chinese Espionage Campaign
- Operation Digital Eye: Chinese APT Exploits Visual Studio Code Tunnels in High-Stakes Espionage Campaign
