Related topics

Israel's Iron Dome missile tech stolen by Chinese hackers

Corporate raiders Comment Crew fingered for attacks

arrow3china

A Chinese hacking team previously accused of being behind raids against US defence contractors has been accused of a new data heist: plundering the tech behind Israel's Iron Dome missile defence system.

Beijing's infamous Comment Crew hacking group is thought to have executed the intrusions into the corporate networks of top Israeli defense technology companies linked to the Iron Dome, including Elisra Group, Israel Aerospace Industries and Rafael Advanced Defense Systems, between 10 October 2011 and 13 August 2012, according to Cyber Engineering Services (CyberESI).

The Iron Dome has stopped a barrage of rockets launched into Israel from Gaza and has been hailed the world's most effective missile shield. US investment in Iron Dome could soon top US$1 billion over five years.

In February 2013, Mandiant identified Comment Crew as People's Liberation Army Unit 61398. The United States Justice Department in May charged five members of the unit with various hacking and espionage offenses.

The explosive allegations were detailed by Krebs on Security and contained within a CyberESI report which the company said it was not yet prepared to release publicly.

Of the three targeted organisations only Israel Aerospace Industries confirmed the breach, downplaying the attacks as "old news".

Information accessed included intellectual property on the Iron Dome Arrow 3 rockets built by Israel, the US, IAI and Boeing, and included a 900 page document of detailed schematics and specifications, along with information on Unmanned Aerial Vehicles and ballistic rockets.

Some 700 files were pillaged from IAI, amounting to 763MBs, including Word documents and spreadsheets, PDFs, emails, and executable binaries, Krebs reported.

Comment Crew maintained hooks inside IAI for four months during the 2012 raid, pivoting laterally across the network to plunder more information. They stole administrator credentials, planted trojans and keyloggers, and dumped Active Directory data from at least two domains.

The hacker outfit broke into the network of IAI subsidiary Elisra in October 2011 and remained there for a year where they copied emails from top executives including the chief executive officer, chief technology officer and vice presidents.

Elisra had contracts to supply electronic warfare systems to Seoul for its fleet of Airbus CN-235 transports and other unnamed countries for land vehicles. It is not suggested files relating to these contracts were compromised.

CyberESI reported the attacks to the companies but did not receive a response, Krebs reported.

This story will be updated if and when The Register receives a copy of the CyberESI report. ®

Sponsored: Driving business with continuous operational intelligence