Detailed schematics for a particular type of anti-ballistic missile, information about rockets, and pages upon pages of other mechanical documents were allegedly stolen from a trio of Israeli defense contractors between 2011 and 2012, it was revealed today.
A Maryland-based threat intelligence firm claims attackers, apparently based in China, were able to hack into the firms’ networks and make off with the sensitive data, KrebsonSecurity said.
The information was siphoned from the networks belonging to Tel Aviv-based Israeli firms Elisra Group, Israel Aerospace Industries and Rafael Advanced Defense Systems, the website reported.
Experts from Cyber Engineering Services Inc., who spoke to reporter Brian Krebs, claim they were able to tap into the hackers’ ‘secret communications infrastructure’ and determine the hackers absconded with a slew of information from the three contractors between Oct. 10, 2011 and Aug. 13, 2012.
The information the hackers were able to lift pertained to “Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and other technical documents.”
Joseph Drissel, CyberESI’s founder and chief executive, believes the attackers were on the hunt for information regarding Iron Dome, Israel’s multimillion-dollar all-weather air defense system. Currently embroiled in the Gaza conflict, the country has most recently been using the system to intercept rockets fired by Hamas.
As for the breaches, the hackers were apparently able to use a series of phishing attacks to muscle their way into at least one of the three systems, Israel Aerospace Industries (IAI), on April 16, 2012.
From there the hackers “compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems,” according to a forthcoming report from CyberESI about the three-year-old breaches.
In October 2011, the hackers broke into Elisra in more or less the same way and had access to the company’s files on and off until July 2012. CyberESI claims attackers “copied the emails for many of Elisra’s top executives, including the CEO, the chief technology officer (CTO) and multiple vice presidents within the company.”
While it’s not entirely clear who the attackers were, Drissel makes a connection in Krebs’ piece between the way IAI was hacked and the work of Comment Crew, the infamous collaborative of Chinese military-linked hackers.
Comment Crew gained peak visibility when it was profiled by Mandiant’s “APT1” report in 2013 after it was revealed the collective had mined terabytes of sensitive military data for up to seven years. According to Drissel, in the case of the Israeli defense contractors, the attacks “bore all of the hallmarks” of Comment Crew.
The Justice Department indicted five members of Comment Crew, a/k/a the Chinese People’s Liberation Army Unit 61398, in May and charged them with hacking into a handful of U.S. networks. The indictment largely blamed the men (Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui) for hacking into companies like Westinghouse, United States Steel and Alcoa, not the Department of Defense or U.S. defense contractors. The case had been in the works for two years, but gathering the evidence took much longer than experts expected.