Arab Civil Aviation Organization (ACAO)
February 4, 2024
•[ sql injection, data leak, cyber-espionage ]
Threat actors exploited a vulnerable web application belonging to the Arab Civil Aviation Organization via SQL injection, exfiltrating staff and member credentials and communications. The stolen data, published on dark-web forums on February 4 2024, was identified by Resecurity, which assessed the activity as part of a cyber-espionage campaign targeting aviation-safety specialists across multiple Arab states.
