Executives at U.S. defense contractor L-3 Communications warned employees in April about an attempt by unknown assailants to compromise the company’s network using forged SecurID tokens from RSA. The report, if accurate, would be the second attack on a leading defense contractor with links back to a high-profile hack in March at RSA Security, the security division of EMC Corp.
Wired.com’s Threat Level blog reported on Tuesday that an April e-mail from an executive at L-3’s Stratus Group to around 5,000 employees of that division claimed that L-3 “has been actively targeted with penetration attacks leveraging the compromised information,” referring to the hack of RSA’s SecurID information. An L-3 spokesperson did not respond to Threatpost requests for comment.
RSA admitted to the serious breach in March, but denied that the information taken by attackers could be used to clone RSA SecurID tokens, which are used as a second factor for users who wish to access network resources, often from remote locations.
Following the breach, RSA warned customers to be on the lookout for targeted attacks. Information taken from RSA servers “could potentially be used to reduce the effectiveness of a current two-factor authentication,” the company warned.
On May 29, Lockheed Martin claimed it thwarted a “tenacious” cyber attack on May 21 and that no “customer program or employee personal data” was compromised. Published reports in Wired.com and elsewhere suggested that the Lockheed attack also made use of forged SecurID tokens to generate one-time passwords and gain access to Lockheed’s network. However, the company did not confirm that, and security experts have questioned whether the Lockheed incident had anything to do with the compromise at EMC.
Large military contractors are a frequent target of so-called “advanced persistent” attackers, who use a variety of tactics to compromise sensitive networks and make off with customer and employee data, intellectual property and more.
The hacks and reported links to the earlier hack at EMC/RSA have spurred calls for better sharing of attack details.