Cyberespionage groups target ICAO, ACAO — threaten global aviation safety

Cyber-attacks on the International Civil Aviation Organization (ICAO) and the Arab Civil Aviation Organization (ACAO) have raised significant concerns about the cybersecurity vulnerabilities within the global aviation industry.
Resecurity wrote in an internal blog this week that “the consequences of cyberattacks in the aviation sector can be severe, leading to substantial financial and reputational damage for the organizations involved” and that this makes “aviation safety experts prime targets, as their insights can be pivotal in executing attacks that maximize impacts. They are also critical for cyberespionage groups and foreign intelligence, especially considering recent aviation incidents that have led to significant geopolitical challenges.”
ICAO, a specialized agency of the United Nations responsible for setting standards for international aviation safety and security, has been the target of cyber intrusions that highlight how such organizations remain vulnerable to cyber threats. Similarly, ACAO, which focuses on regional aviation collaboration among Arab states, has faced cyber incidents that underscore the broader risks to international aviation governance.
The ICAO, in a comment last month about the breach, revealed that hackers had infiltrated the organization’s systems containing data from as early as 2016. Reports suggest that cyberespionage groups exploited weak security protocols and leveraged phishing attacks to access internal networks.
The intrusion is believed to have originated from a state-sponsored actor, potentially linked to China, although official attributions remain speculative. The attackers’ access was “limited to the recruitment database and does not affect any systems related to aviation safety or security operations,” according to a statement from ICAO, but the breach demonstrates how even institutions tasked with protecting aviation from threats are themselves susceptible to sophisticated cyber intrusions.
In recent years, cybersecurity experts have expressed significant concerns regarding the vulnerabilities in aviation IT systems, emphasizing the potential dangers that could arise from malicious cyber activities. The aviation industry relies heavily on interconnected digital technologies for operations, navigation, communication, and passenger services, making it a prime target for cyber threats.
One major area of concern is the susceptibility of aircraft systems to cyberattacks. Ground-based systems, including air traffic control (ATC) and airport IT infrastructure, are also at risk. Disruptions to ATC systems could lead to miscommunication between pilots and ground control, creating confusion in busy airspaces. In 2016, cyberattacks targeted Vietnam’s two largest airports, compromising flight information screens and broadcasting derogatory messages, which led to significant operational disruptions.
Ransomware attacks have also become increasingly prevalent in the aviation sector. These attacks can paralyze operations by encrypting critical data and demanding ransom payments for decryption. In 2024, Japan Airlines experienced a cyberattack that caused delays to more than 20 domestic flights during the busy year-end travel season. The attack targeted the airline’s network with massive data transmissions, causing system malfunctions.
“The aviation sector is facing a surge in cyber threats, with sophisticated groups employing zero-day exploits and advanced evasion techniques. For instance, China-based Advanced Persistent Threat groups pose significant risks to the aviation sector, indicating a strategic focus on aviation-related data,” Resecurity wrote. “By targeting safety experts, these groups can enhance their understanding of the systems in place and identify weaknesses to exploit.”
ACAO, though less globally prominent than ICAO, plays a crucial role in coordinating aviation policies among Arab states. Reports of cyber incidents targeting ACAO suggest that cyberespionage groups have an interest in regional aviation frameworks, possibly seeking intelligence on regulatory measures, airspace security policies, and intergovernmental collaborations.
While specific details about ACAO breaches remain scarce, the likelihood of state-backed cyber groups attempting to penetrate its networks aligns with broader geopolitical interests in aviation intelligence.
Cyberespionage groups pose a multifaceted threat to aviation safety, particularly as they target critical infrastructure, airline operations, air traffic management systems, and supply chains. State-sponsored groups often engage in cyber intrusions to gather intelligence, disrupt adversaries, or test vulnerabilities for potential future exploits. The aviation sector, being integral to national security, commerce, and international mobility, remains a high-value target for such operations.
One of the most concerning aspects of cyberespionage is its potential to compromise the integrity of aviation communications and control systems. If hackers gain access to air traffic management networks, they could manipulate or disrupt flight data, causing confusion or even catastrophic incidents.
Similarly, airline operational technology, including flight planning and maintenance systems, could be altered to introduce safety risks. A breach in avionics software or ground-based navigation aids could lead to deliberate misinformation, impacting pilot decision-making and overall flight safety, potentially causing catastrophic aviation accidents.
Resecurity said, “The aviation industry increasingly relies on Information and communication technology tools integrated into mechanical devices. This integration has heightened cybersecurity concerns, as cyberespionage groups can exploit vulnerabilities in these systems. Targeting safety experts allows these groups to understand and potentially manipulate these vulnerabilities, posing risks to aviation safety.”
The aviation industry’s reliance on digitalization and interconnected networks has expanded the attack surface for cyberespionage actors. Many aviation entities, from regulatory bodies to private airlines and manufacturers, struggle with legacy systems that were not designed with modern cybersecurity threats in mind. The interconnected nature of global aviation means that a breach in one organization could have cascading effects across the entire ecosystem, as seen in past supply chain attacks affecting major industries.
Cyberespionage groups also pose a threat to the confidentiality of sensitive aviation data, including passenger information, flight routes, and cargo manifests. If adversaries gain access to such intelligence, it could be exploited for strategic military operations, economic competition, or even targeted attacks. Additionally, intellectual property theft from aviation manufacturers, such as Boeing or Airbus, could undermine technological advantages and national security.
As Resecurity pointed out, “This information can be exploited for financial, industrial, political, and diplomatic espionage. By compromising these experts, cybercriminals can access proprietary technologies and safety measures that could be leveraged against competitors or for malicious purposes.”
The breaches of ICAO and ACAO exemplify how cyber threats are not confined to individual airlines or airports but extend to the very organizations responsible for ensuring aviation standards and safety. Without stronger cybersecurity frameworks, continuous monitoring, and international cooperation, the risk posed by cyberespionage to global aviation will continue to grow, potentially leading to disruptions, safety compromises, and geopolitical tensions.
This post was updated at 12:34pm Eastern on February 7 to clarify the data accessed and include the statement from ICAO.