Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Israel's Iron Dome missile tech stolen by Chinese hackers

Corporate raiders Comment Crew fingered for attacks

A Chinese hacking team previously accused of being behind raids against US defence contractors has been accused of a new data heist: plundering the tech behind Israel's Iron Dome missile defence system.

Beijing's infamous Comment Crew hacking group is thought to have executed the intrusions into the corporate networks of top Israeli defense technology companies linked to the Iron Dome, including Elisra Group, Israel Aerospace Industries and Rafael Advanced Defense Systems, between 10 October 2011 and 13 August 2012, according to Cyber Engineering Services (CyberESI).

The Iron Dome has stopped a barrage of rockets launched into Israel from Gaza and has been hailed the world's most effective missile shield. US investment in Iron Dome could soon top US$1 billion over five years.

In February 2013, Mandiant identified Comment Crew as People's Liberation Army Unit 61398. The United States Justice Department in May charged five members of the unit with various hacking and espionage offenses.

The explosive allegations were detailed by Krebs on Security and contained within a CyberESI report which the company said it was not yet prepared to release publicly.

Of the three targeted organisations only Israel Aerospace Industries confirmed the breach, downplaying the attacks as "old news".

Information accessed included intellectual property on the Iron Dome Arrow 3 rockets built by Israel, the US, IAI and Boeing, and included a 900 page document of detailed schematics and specifications, along with information on Unmanned Aerial Vehicles and ballistic rockets.

Some 700 files were pillaged from IAI, amounting to 763MBs, including Word documents and spreadsheets, PDFs, emails, and executable binaries, Krebs reported.

Comment Crew maintained hooks inside IAI for four months during the 2012 raid, pivoting laterally across the network to plunder more information. They stole administrator credentials, planted trojans and keyloggers, and dumped Active Directory data from at least two domains.

The hacker outfit broke into the network of IAI subsidiary Elisra in October 2011 and remained there for a year where they copied emails from top executives including the chief executive officer, chief technology officer and vice presidents.

Elisra had contracts to supply electronic warfare systems to Seoul for its fleet of Airbus CN-235 transports and other unnamed countries for land vehicles. It is not suggested files relating to these contracts were compromised.

CyberESI reported the attacks to the companies but did not receive a response, Krebs reported.

This story will be updated if and when The Register receives a copy of the CyberESI report. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like