Chinese gov’t hackers snag secret missile plans in Navy contractor breach
Hackers from the Chinese Ministry of State Security who broke into the systems of a contractor working for the U.S. Naval Undersea Warfare Center stole 614GB of sensitive information, including plans for a supersonic anti-ship missile to be launched from a submarine.
The hacks, which occurred in January and February, according to a report in the Washington Post, yielded details on the Sea Dragon missile program, which was created in 2012 to adapt existing military technology to new uses.
“We saw a similar attack when the Dragonfly group gained direct access to the U.S. power grid through a vulnerable third party. That makes two significant, successful breaches targeting highly sensitive materials that have occurred through third parties,” said Fred Kneip, CEO, CyberGRX. “It’s an effective approach because large organizations have thousands of contractors, vendors and suppliers that they interact with – and any one of them could be the way in.”
The breach demonstrates that “even an entity as highly regulated and classified as the federal government is not immune from the danger posed by third-party vulnerabilities,” said Ruchika Mishra, director of product marketing for Balbix, who concurred that since hackers commonly use third parties as entry points, “it makes sense that similar patterns would hold true for nation-states looking to breach their adversaries’ cyber defenses.”
The Pentagon and the FBI are investigating the breach.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise