State-sponsored threat intel
Aerospace and defence are the primary target of state-sponsored APTs active against European industry: extremely high-value intellectual property, a multi-tier supply chain and overlapping regulatory controls (NIS2, national cyber perimeter, AQAP, ITAR). Fortgale operates with the intelligence required to recognise these adversaries by name.
Aerospace and defence is not "manufacturing with extra rules": it is a perimeter where the adversary is organised as a nation-state, the supply chain is four to five tiers deep and the regulation is multi-stack. All three factors radically change the security operation required.
We track APT28, APT41, Lazarus, MuddyWater active against the European industrial base: TTPs, C2 infrastructure, known campaigns. MITRE ATT&CK-mapped detection.
The favoured APT vector is the sub-supplier. MDR extended to critical suppliers, monitoring of access brokers, supply chain risk assessment with continuous infostealer log verification.
NIS2 + national perimeter + AQAP + ITAR/EAR: controls overlap. Fortgale produces a single mapping matrix to avoid duplication and gaps.
Fortgale actively tracks these groups based on documented incidents against the European industrial base in the last 24 months. Their TTPs are built into the detection rules and their IoCs feed the SOC.
APT28 (Russia): politico-military espionage. Spear phishing of technical staff, exploitation of Exchange and VPN 0-days. Long-time target: European aerospace.
APT41 (China): long-term industrial espionage. IP theft, persistent modifications to build servers, multi-year access. Target: civil and dual-use aerospace.
Lazarus (North Korea): espionage plus financial gain. Job-offer impersonation via LinkedIn against aerospace engineers, supply chain attacks on developer tooling.
MuddyWater (Iran): mass low-cost phishing, credential harvesting, persistence via PowerShell. Pivoting into regional partner supply chains.
OEMs and prime contractors: airframes, engines, avionics, weapons systems, satellites.
Command-and-control systems, simulation, training, tactical communications.
Satellite operators, ground segment, commercial payloads, Earth Observation.
Mechanical components, electronics, embedded software, AQAP certification.
Maintenance, repair, overhaul: mixed IT/OT environments with proprietary tooling.
Universities, consortia, R&D laboratories with access to national and EU programmes.
180+ adversaries profiled, focus on state-sponsored APTs active against Europe. Reports and vertical advisories.
MITRE ATT&CK-mapped detection, median containment ~11 min. Extended to critical sub-suppliers.
Critical manufacturing sector pillar. Solutions for industrial machines and production lines.
Four overlapping pillars: (1) NIS2 transposition for the space sector and critical manufacturing; (2) national cyber perimeter regulations for qualified defence entities; (3) AQAP and national industrial security clearances for classified information; (4) ITAR/EAR for US-origin technology export. Fortgale produces a single mapping matrix.
State-sponsored APTs (Advanced Persistent Threats) are groups backed by national governments whose objectives are intelligence collection, sabotage or strategic economic damage. Aerospace and defence are primary targets for three reasons: (1) extremely high-value intellectual property (designs, patents, weapons-system code); (2) access to government supply chains; (3) the ability to pivot to less-defended sub-suppliers. Groups active against Europe: APT28 (Russia), APT41 (China), Lazarus (North Korea), MuddyWater (Iran).
The defence supply chain is the most exploited attack vector by APTs. Four operational measures: (1) MDR extended to critical sub-suppliers via shared SOC; (2) B2B access hardening (dedicated VPNs, hardware MFA, jump hosts); (3) intelligence on access brokers selling access to defence suppliers; (4) supply chain risk assessment with monitoring of known supplier breaches (data leaks, infostealer credentials).
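The continuous infostealer-log check named above (and in the supply chain factor earlier on the page) comes down to one recurring job: take a dump of harvested credentials, find the records that belong to your critical sub-suppliers, and surface first the ones that open a remote-access or identity portal. The script below is an added illustration of that check, not Fortgale's tooling. The `url|user|password` record layout mimics common stealer dumps; the supplier domains, the sample records and the portal keywords are constructed here and are not from the page.

```python
"""Match infostealer-log credential records against critical supplier domains.

Added example, not Fortgale tooling. Record layout 'url|username|password'
(one per line) mimics common stealer dumps. SUPPLIER_DOMAINS, SAMPLE_LOG and
PORTAL_KEYWORDS are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed: domains of critical sub-suppliers in scope for the assessment.
SUPPLIER_DOMAINS = {"example-avionics.test", "example-mro.test"}

# Constructed: host/path fragments that mark remote-access or identity portals,
# where a harvested credential hands an APT a direct foothold.
PORTAL_KEYWORDS = ("vpn", "sso", "owa", "citrix", "remote", "login")

# Constructed stealer-log excerpt (passwords are throwaway placeholders).
SAMPLE_LOG = """\
https://vpn.example-avionics.test/remote/login|j.rossi|hunter2
https://mail.google.com/|someone@gmail.com|pw
example-mro.test/portal|m.bianchi|Passw0rd
https://vpn.example-avionics.test/remote/login|j.rossi|hunter2
https://shop.notasupplier.test/account|m.bianchi|x
garbage line without separators
""".splitlines()


@dataclass(frozen=True)
class Finding:
    supplier: str   # supplier domain the credential belongs to
    host: str       # exact host in the stolen record
    username: str
    portal: bool    # True if the host/path looks like VPN/SSO/webmail


def _supplier_for(host: str) -> Optional[str]:
    """Return the supplier domain owning host (exact match or subdomain), else None."""
    host = host.lower().rstrip(".")
    for dom in SUPPLIER_DOMAINS:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def parse_record(line: str):
    """Parse one 'url|user|password' record into (host, path, user); None if malformed.

    The password field is parsed but deliberately never stored or returned.
    """
    parts = line.strip().split("|")
    if len(parts) != 3:
        return None
    url, user, _password = parts
    if "://" not in url:            # stealer dumps often omit the scheme
        url = "https://" + url
    try:
        split = urlsplit(url)
    except ValueError:
        return None
    if not split.hostname:
        return None
    return split.hostname, split.path, user


def match_stealer_log(lines):
    """Return deduplicated Findings for records whose host belongs to a supplier.

    Portal hits sort first: those are the credentials to rotate and notify on today.
    """
    seen = set()
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        host, path, user = rec
        supplier = _supplier_for(host)
        if supplier is None:
            continue
        key = (host.lower(), user.lower())   # same creds repeated across dumps
        if key in seen:
            continue
        seen.add(key)
        haystack = host.lower() + " " + path.lower()
        portal = any(k in haystack for k in PORTAL_KEYWORDS)
        findings.append(Finding(supplier, host, user, portal))
    findings.sort(key=lambda f: (not f.portal, f.supplier, f.host, f.username))
    return findings


if __name__ == "__main__":
    for f in match_stealer_log(SAMPLE_LOG):
        tag = "PORTAL" if f.portal else "other "
        print(f"{tag} {f.supplier:24} {f.host} user={f.username}")
```

The dedup key is host plus username rather than the full record, because the same stolen pair typically reappears across successive dumps and each repeat would otherwise trigger a fresh supplier notification. In production the supplier list would come from the risk-assessment inventory and the findings would be pushed to the SOC case queue rather than printed.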
Yes. The space sector is explicitly included among NIS2 essential entities. Many European aerospace companies also fall under the critical manufacturing classification (important entities), and a significant share is qualified under national cyber perimeter regulations. When multiple qualifications coexist, the strictest thresholds prevail (national perimeter regimes can require notification within 6 hours for high-impact incidents).
Fortgale operates on the civilian perimeter and on non-classified information. For entities handling classified information (restricted, secret, top secret) the security operation must be staffed and hosted by personnel and infrastructure holding national security clearances. The operating model combines: (a) Fortgale MDR on the non-classified perimeter; (b) collaboration with cleared dedicated teams on the classified perimeter; (c) joint CSIRT response when incidents cross the two environments.
When the target is the European industrial base of aerospace and defence, the attacker is structured, funded and patient. Request a threat briefing on APT groups active against your perimeter, with TTPs, IoCs and prioritised hardening recommendations.
No nurturing sequences, no auto-replies. One of our analysts calls you back within one business day.
The full Report (executive summary · operational IoCs · technical runbook) is restricted. Share two details and one of our analysts contacts you with access and a short technical briefing.
Response in 30 minutes, containment in 1–4 hours. Even if you are not a Fortgale customer.