recommended reading


Hackers raided Israeli contractors that built Iron Dome missile shield

Credential-stealing malware; Cyber espionage; Network intrusion; Spear-phishing; Unauthorized use of system administrator privileges

The attackers, suspected to be based in China, also copied pages of details on U.S. missile technology from the foreign defense firms.

Three Israeli contractors that architected the “Iron Dome” anti-missile system, which is currently protecting Israel from rocket strikes, were robbed of huge quantities of sensitive documents pertaining to the shield technology.

Maryland-based threat intelligence firm Cyber Engineering Services Inc. asserts the hackers infiltrated the networks of Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems.  The incidents occurred between 2011 and 2012

Among the data taken from IAI is a 900-page document that provides schematics and specifications for the Arrow 3 missile. “Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors,” said Joseph Drissel, CyberESI’s founder and chief executive. “We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well.”

Much of the information purloined from the contractors was intellectual property involving the Arrow III, drones, ballistic rockets and other technical documents in the same fields of study.

IAI was initially breached by a series of specially crafted email phishing campaigns. “The attacks bore all of the hallmarks of the ‘Comment Crew,’ a prolific and state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA) and credited with stealing terabytes of data from defense contractors and U.S. corporations,” Krebs writes.

Once inside, Comment Crew members spent the next four months using their access to install various tools and trojan horse programs on systems throughout company’s network and expanding their access to sensitive files.

“The intellectual property was in the form of Word documents, PowerPoint presentations, spread sheets, email messages, files in portable document format (PDF), scripts, and binary executable files,” CyberESI wrote in a lengthy report produced about the breaches.

“Once the actors established a foothold in the victim’s network, they are usually able to compromise local and domain privileged accounts, which then allow them to move laterally on the network and infect additional systems,” the report continues. “The actors acquire the credentials of the local administrator accounts by using hash dumping tools. They can also use common local administrator account credentials to infect other systems with Trojans. They may also run hash dumping tools on Domain Controllers, which compromises most if not all of the password hashes being used in the network. The actors can also deploy keystroke loggers on user systems, which captured passwords to other non-Windows devices on the network.”

The hackers followed a similar strategy to penetrate Elisra. CyberESI said the attackers stole the emails for many of Elisra’s top executives, including the CEO, the chief technology officer and multiple vice presidents within the company. It’s likely that the attackers were targeting people with access to sensitive information within Elisra, and/or were gathering would be targets for future spearphishing campaigns. 


Defense Industrial Base


July 28, 2014

reported by

Krebs on Security

number affected


location of breach



Chinese Hackers

location of perpetrators


date breach occurred

between Oct. 10, 2011 and August 13, 2012

date breach detected


Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.