What happened
Attackers claiming affiliation with the Everest ransomware gang have posted that they exfiltrated 1.2 terabytes of data from Atlas Air, including sensitive technical information about Boeing aircraft. According to the report, the ransomware cartel listed Atlas Air on a dark-web forum and shared screenshots of maintenance documents, repair reports, and internal operational data that they allege were stolen from the major cargo airline. A few days after the Atlas Air listing, similar claims appeared regarding aerospace supplier Tsunami Tsolutions, including Boeing-related data, suggesting a possible coordinated supply-chain breach affecting multiple entities in the aerospace sector. Cybernews researchers who reviewed the attack posts noted the absence of attached data samples, with attackers providing only screenshots of purported content. Atlas Air operates Boeing 747 aircraft and is a major global cargo carrier. The incident remains under investigation, with Atlas Air and Tsunami Tsolutions contacted for comment.
Who is affected
Atlas Air and its associated aerospace partner Tsunami Tsolutions are affected by the alleged breach, and the attackers’ claims suggest that internal technical documents including Boeing aircraft maintenance and repair data may have been exposed.
Why CISOs should care
Alleged exfiltration of large volumes of maintenance and technical documentation from interconnected aerospace suppliers underscores how ransomware activity can span supply chains and put sensitive intellectual property at risk.
3 practical actions
- Verify breach claims. Confirm with Atlas Air and partners the authenticity and scope of the reported data exfiltration.
- Assess supply-chain exposure. Review third-party and partner system security where shared technical data resides.
- Monitor for misuse of exposed data. Detect indicators of leaked technical information in illicit forums or threat intelligence feeds.