Chinese hackers penetrated three Israeli companies responsible for the Iron Dome and stole massive amounts of information, according to a private cybersecurity blog.
The cyber attack occurred in 2011 and 2012, says the KrebsOnSecurity blog. The report is based on a study by the American firm Cyber Engineering Services (CyberESI), which says that between October 10, 2011, and August 13, 2012, Chinese hackers broke into Elisra Group, Israel Aerospace Industries (IAI), and Rafael Advanced Defense Systems, all of which worked on Israeli missile defense, UAVs, and ballistic missiles.
IAI brushed off the report, saying it was “old news.”
“At the time, the issue was treated as required by the applicable rules and procedures,” says IAI spokeswoman Eliana Fishler in an email to KrebsOnSecurity. “The information was reported to the appropriate authorities. IAI undertook corrective actions in order to prevent such incidents in the future.”
According to CyberESI, the attack bears the hallmarks of the state-sponsored Comment Crew hacking group.
“Once inside the IAI’s network,” writes KrebsOnSecurity, “Comment Crew members spent the next four months in 2012 using their access to install various tools and trojan horse programs on systems throughout company’s network and expanding their access to sensitive files, CyberESI said. The actors compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems. The actors also successfully used tools to dump Active Directory data from domain controllers on at least two different domains on the IAI’s network.
“All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB total size — that were exfiltrated from IAI’s network during the compromise. The security firm said most of the data acquired was intellectual property and likely represented only a small portion of the entire data loss by IAI.”