Three Israeli defense contractors holding detailed schematics of anti-ballistic missiles, information about rockets, and a trove of critically sensitive documents were compromised by hackers in a data breach spanning 2011 to 2012, new reports state.
According to Maryland-based threat intelligence firm Cyber Engineering Services Inc. (CyberESI), China-based attackers were able to hack into the firms’ networks and exfiltrate a large amount of sensitive data, KrebsOnSecurity reported.
Information siphoned out of the trio of firms belonged to Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems, the report reads.
Experts from CyberESI told Krebs they were able to tap into the hackers’ ‘secret communications infrastructure’ to determine which files the hackers had siphoned out of the three contractors. “Most of the information was intellectual property pertaining to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and other technical documents in the same fields of study,” CyberESI told Krebs. Information was exfiltrated from the firms continuously from October 10, 2011 to August 13, 2012.
CyberESI’s founder and chief executive, Joseph Drissel, believes the attackers were after information related to Israel’s multi-million-dollar all-weather air defense system known as the Iron Dome. The Israeli government has credited the Iron Dome with intercepting nearly one-fifth of the 2,000-plus rockets that Palestinian militants have fired at Israel during the current conflict.
Attackers reportedly gained access to at least one of the three firms, Israel Aerospace Industries (IAI), through a series of email phishing attacks on April 16, 2012. From there, the Chinese hackers “compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems,” according to CyberESI’s account of the three-year-old breaches.
In October 2011, hackers broke into Elisra Group using nearly the same tactics and had intermittent access to company files until July 2012. CyberESI claims that during the breach the attackers “copied the emails for many of Elisra’s top executives, including the CEO, the chief technology officer (CTO) and multiple vice presidents within the company.”
The identity of the hackers has not been confirmed, but in a past Krebs article Drissel speculated on a connection between the way IAI was hacked and the Comment Crew, the infamous state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA) and credited with stealing terabytes of data from defense contractors and United States corporations.
Comment Crew is the same hacking group profiled in Mandiant’s “APT1” report in 2013, after the group was found to have mined terabytes of sensitive military data for nearly seven years. Five prominent Chinese military members were indicted by the FBI on a slew of criminal hacking and cyber espionage charges. The military members indicted and largely blamed for the attacks were Gu Chunhui, Huang Zhenyu, Sun Kailiang, Wang Dong, and Wen Xinyu.
Once Comment Crew gained access to IAI’s network, the team spent the next four months of 2012 using that access to install a number of tools and Trojan horse programs throughout the company’s network, expanding their reach to sensitive documents, CyberESI said. The intruders then carried out the credential and data theft described earlier in this article.
CyberESI was able to acquire 700 files, totaling 762 MB, of breached documents related to IAI’s network. The firm said most of the acquired data was intellectual property and likely represented only a small portion of the data stolen from Israel Aerospace Industries.