American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Envoy Air, a wholly owned subsidiary of American Airlines, has confirmed it fell victim to a hacking campaign exploiting vulnerabilities in Oracle\u2019s E-Business Suite (EBS).<\/p>\n
The breach, first highlighted by the notorious Clop ransomware<\/a> group, underscores the growing risks facing enterprise software in the aviation sector.<\/p>\n Clop, known for high-profile extortion schemes like the MOVEit Transfer<\/a> attacks, claimed responsibility last week, listing American Airlines among over 60 organizations hit through unpatched flaws in Oracle EBS.<\/p>\n The group, which operates out of Russia-linked networks, has demanded ransoms in cryptocurrency, threatening to leak stolen data on its dark web site if unpaid.<\/p>\n While Clop didn\u2019t specify the exact vulnerabilities, security researchers point to known issues in Oracle\u2019s WebLogic Server and EBS modules, such as CVE-2023-21931<\/a>, which allow remote code execution if not properly secured.<\/p>\n Envoy\u2019s admission came swiftly after the claims surfaced, aiming to reassure stakeholders amid rising concerns over aviation data security.<\/p>\n \u201cWe are aware of the incident involving Envoy\u2019s Oracle E-Business Suite application,\u201d an Envoy spokesperson told Cybersecurity News. \u201cUpon learning of the matter, we immediately began an investigation and law enforcement was contacted\u201d.<\/p>\n \u201cWe have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected. A limited amount of business information and commercial contact details may have been compromised.\u201d<\/p>\n The spokesperson emphasized that passenger records, flight operations, and personal identifiable information remained untouched, mitigating immediate risks to travelers.<\/p>\n However, the exposure of internal business data could still pose challenges, including potential phishing<\/a> vectors or competitive intelligence leaks for the regional carrier, which operates over 150 aircraft and serves millions of passengers annually under the American Airlines banner.<\/p>\n Experts warn that this incident highlights systemic vulnerabilities in legacy enterprise systems. Oracle EBS<\/a>, widely used for HR, finance, and supply chain management, has faced criticism for slow patching cycles.<\/p>\n Cybersecurity firm Mandiant noted in a recent report that Clop\u2019s tactics often target third-party software to amplify reach, affecting not just direct victims but entire ecosystems.<\/p>\n As investigations continue with federal authorities, including the FBI\u2019s cyber division, Envoy stated it has implemented enhanced monitoring and updated its Oracle systems. American Airlines, while not directly named in data leaks, has bolstered its subsidiary\u2019s defenses in response.<\/p>\n This breach arrives amid a wave of aviation cyberattacks, from ransomware hitting airports<\/a> to state-sponsored espionage. Industry leaders are urging faster adoption of zero-trust architectures to safeguard critical infrastructure.<\/p>\n For now, Envoy passengers can fly with relative peace of mind, but the event serves as a stark reminder: in cybersecurity, one weak link can ground an entire operation.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nEnvoy Compromised<\/strong><\/h2>\n