Exclusive: France's Snecma targeted by hackers - researcher

BOSTON (Reuters) - French aerospace engine maker Snecma, a unit of Safran, was attacked by hackers who exploited a vulnerability in Microsoft Corp’s Internet Explorer, according to a computer security researcher.

View of a M88 engines, produced by Snecma and which powers a Rafale jet fighter, are seen at the assembly line in the factory of French aircraft manufacturer Dassault Aviation in Merignac near Bordeaux, southwestern France, January 10, 2014. REUTERS/Benoit Tessier

It was not clear how successful the hackers had been in their efforts to breach Snecma’s network, according to the researcher, who has studied malicious software and infrastructure used by the hackers.

A spokeswoman for Snecma’s parent, Safran, said she had no immediate comment.

The researcher said the malicious software used by the hackers contained code that identified Internet domain names belonging to Snecma. The researcher declined to be identified by name as he was not authorized to publicly discuss the matter.

The vulnerability in Internet Explorer surfaced last week, when California-based cybersecurity firm FireEye Inc said that hackers had leveraged a previously unknown security flaw in the Web browser to attack the website of the U.S. nonprofit group Veterans of Foreign Wars.

Microsoft last week advised customers to upgrade to Internet Explorer 11, saying versions 9 and 10 were vulnerable to the type of attacks identified by FireEye.

On Tuesday, the Israeli cybersecurity firm Seculert said in a blog post that the IE vulnerability was used to attack a French aerospace company, though it did not name that company. Seculert said the attack likely began on January 17 and that it may still be going on. (

According to Seculert, the attack on the aerospace company involved a different piece of malicious software than what was used against the Veterans of Foreign Wars, which suggested a different group of hackers may be involved.

The malware was designed to help hackers steal credentials by infecting devices that employees, partners and third-party vendors used to remotely access the French company’s network, according to Seculert.

That technique of targeting remote users has been deployed in some high-profile cyber attacks in recent years.

Target Corp said hackers behind a massive data breach late last year had gained initial access to the U.S. retailer’s network through a vendor.

In 2011, hackers attacked Lockheed Martin Corp and other U.S. military suppliers by creating duplicate SecurID credentials used by contractors to access their networks. (

Additional reporting by Tim Hepher in Paris; Editing by Tiffany Wu