“Chinese” Hackers Hit Firms Behind Israel’s Iron Dome

Brian Krebs describes the discovery of security breaches at three Israeli defense contractors, apparently targeting the country’s ‘Iron Dome’ missile shield. The attacks reportedly “bore all of the hallmarks” of a group believed to be linked to the PLA’s Unit 61398. From Krebs on Security:

According to Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. (CyberESI), between Oct. 10, 2011 and August 13, 2012, attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies, including Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems.

By tapping into the secret communications infrastructure set up by the hackers, CyberESI determined that the attackers exfiltrated large amounts of data from the three companies. Most of the information was intellectual property pertaining to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and other technical documents in the same fields of study.

Joseph Drissel, CyberESI’s founder and chief executive, said the nature of the exfiltrated data and the industry that these companies are involved in suggests that the Chinese hackers were looking for information related to Israel’s all-weather air defense system called Iron Dome. [Source]

Unit 61398 has previously been accused of conducting a two-year campaign to steal U.S. drone technology. The value to China of information on Iron Dome is perhaps less clear. Business Insider’s Armin Rosen commented that “Iron Dome is of limited applicability outside of an Israeli context. It was made to pick off relatively unsophisticated short and mid-range missiles of a kind that threaten almost no other developed country or military.” Even within this niche, a number of critics have challenged Israeli claims of the system’s effectiveness.

See more on international hacking disputes via CDT.

Updated at 10:02 PDT on July 29th: Israel Aerospace Industries claims in an emailed statement that there was no loss of sensitive information:

The information reported regarding the leakage of sensitive information is incorrect.

The publications refer to an attempt to penetrate the Company’s civilian non-classified Internet network which allegedly occurred several years ago.

IAI’s cyber security systems operate in accordance with the most rigorous requirements and also in this case they were proven to be effective.

A spokesman for Rafael Advanced Defense Systems told The Guardian that the company “does not recall such an incident.”