Hackers raided Israeli contractors that built Iron Dome missile shield

Credential-stealing malware; Cyber espionage; Network intrusion; Spear-phishing; Unauthorized use of system administrator privileges

The attackers, suspected to be based in China, also copied pages of details on U.S. missile technology from the foreign defense firms.

Three Israeli contractors that architected the “Iron Dome” anti-missile system, which is currently protecting Israel from rocket strikes, were robbed of huge quantities of sensitive documents pertaining to the shield technology.

Maryland-based threat intelligence firm Cyber Engineering Services Inc. asserts the hackers infiltrated the networks of Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems. The incidents occurred between 2011 and 2012.

Among the data taken from IAI is a 900-page document that provides schematics and specifications for the Arrow 3 missile. “Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors,” said Joseph Drissel, CyberESI’s founder and chief executive. “We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well.”

Much of the information purloined from the contractors was intellectual property involving the Arrow III, drones, ballistic rockets and other technical documents in the same fields of study.

IAI was initially breached by a series of specially crafted email phishing campaigns. “The attacks bore all of the hallmarks of the ‘Comment Crew,’ a prolific and state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA) and credited with stealing terabytes of data from defense contractors and U.S. corporations,” Krebs writes.

Once inside, Comment Crew members spent the next four months using their access to install various tools and trojan horse programs on systems throughout the company’s network and to expand their access to sensitive files.

“The intellectual property was in the form of Word documents, PowerPoint presentations, spreadsheets, email messages, files in portable document format (PDF), scripts, and binary executable files,” CyberESI wrote in a lengthy report produced about the breaches.

“Once the actors established a foothold in the victim’s network, they are usually able to compromise local and domain privileged accounts, which then allow them to move laterally on the network and infect additional systems,” the report continues. “The actors acquire the credentials of the local administrator accounts by using hash dumping tools. They can also use common local administrator account credentials to infect other systems with Trojans. They may also run hash dumping tools on Domain Controllers, which compromises most if not all of the password hashes being used in the network. The actors can also deploy keystroke loggers on user systems, which captured passwords to other non-Windows devices on the network.”
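One way to look for the lateral-movement pattern the report describes, a shared local administrator credential used from one machine against many, is to count network logons by local accounts per source address. The following is an added example, not code from CyberESI or the article; the simplified field names, the "logon domain equals host name means local account" heuristic, and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records with simplified field names, shaped like Windows
# Security event 4624 (successful logon). Hosts, IPs and times are invented.
def _ev(time, host, logon_type, user, domain, src):
    return dict(time=time, host=host, logon_type=logon_type,
                user=user, domain=domain, src=src)

SAMPLE_EVENTS = [
    _ev("2012-03-01T09:00:05", "WS-011", 3, "Administrator", "WS-011", "10.0.4.23"),
    _ev("2012-03-01T09:03:10", "WS-012", 3, "Administrator", "WS-012", "10.0.4.23"),
    _ev("2012-03-01T09:07:42", "WS-019", 3, "administrator", "WS-019", "10.0.4.23"),
    _ev("2012-03-01T09:12:00", "FS-02", 3, "Administrator", "FS-02", "10.0.4.23"),
    _ev("2012-03-01T15:00:00", "WS-050", 3, "Administrator", "WS-050", "10.0.4.23"),
    _ev("2012-03-01T09:01:00", "FS-02", 3, "jsmith", "CORP", "10.0.4.50"),
    _ev("2012-03-01T09:02:00", "FS-03", 3, "jsmith", "CORP", "10.0.4.50"),
    _ev("2012-03-01T09:04:00", "PRN-01", 3, "jsmith", "CORP", "10.0.4.50"),
    _ev("2012-03-01T10:00:00", "WS-040", 3, "Administrator", "WS-040", "10.0.7.8"),
    _ev("2012-03-01T10:05:00", "WS-041", 3, "Administrator", "WS-041", "10.0.7.8"),
    _ev("2012-03-01T08:30:00", "WS-030", 2, "Administrator", "WS-030", "-"),
]

def local_admin_fanout(events, min_hosts=3, window=timedelta(minutes=30)):
    """Return (source, account, hosts) for each source address that made
    network logons (type 3) with a local account to at least min_hosts
    distinct hosts inside one sliding time window."""
    by_key = defaultdict(list)
    for e in events:
        if e["logon_type"] != 3:                      # network logons only
            continue
        if e["domain"].upper() != e["host"].upper():  # domain account: skip
            continue
        when = datetime.fromisoformat(e["time"])
        by_key[(e["src"], e["user"].lower())].append((when, e["host"]))
    findings = []
    for (src, user), hits in sorted(by_key.items()):
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1                            # slide window forward
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            findings.append((src, user, sorted(best)))
    return findings
```

On the sample data only 10.0.4.23 is reported; the domain account's file-server logons, the two-host source, and the interactive logon stay below the rule.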

The hackers followed a similar strategy to penetrate Elisra. CyberESI said the attackers stole the emails for many of Elisra’s top executives, including the CEO, the chief technology officer and multiple vice presidents within the company. It’s likely that the attackers were targeting people with access to sensitive information within Elisra, and/or were gathering would-be targets for future spearphishing campaigns.


Defense Industrial Base

July 28, 2014

reported by: Krebs on Security

Chinese Hackers

date breach occurred: between Oct. 10, 2011 and August 13, 2012
