Hacker Stole 30GB of Sensitive Data from Australian Defense Contractor


Australian domination officials reported on Wednesday that a hacker stole approximately 30GB of matter from a Department of Defense contractor.According to the Sydney Morning Herald, the compromised facts included sensitive information on Australia’s next-generation spy planes, naval warships and its $14 billion Roast Strike Fighter program.A spokesperson for the Australian Cyber Security Meet (ACSC) said that while the stolen data was commercially supersensitive, the information was not classified.Mitchell Clarke, incident response manager at the unfamiliar intelligence collection agency Australian Signals Directorate (ASD), described the compromise as “enormous and extreme.”At the Australian Information Security Association (AISA) national meeting in Sydney this week, Clarke noted that the stolen low-down revealed details on the F-25 Joint Strike Fighter, P-8 Poseidon maritime protection aircraft, the C-130 transport aircraft and the Joint Direct Attack Munition (JDAM) spirited bomb kit, as well as other naval vessels.According to a separate discharge by ZDNet, the ASD was initially alerted back in November 2016 by a “partner organism” that an attacker had gained access to the network of the DoD contractor.Clarke solemn that the attacker had been in the network since mid-July 2016, with details exfiltration starting about two weeks later.The affected contractor was marked as a 50-person aerospace engineering firm, which had one employee managing all IT-related behaves. The employee had been on the job for nine months.Meanwhile, the attacker is said to pull someones leg exploited a software vulnerability that went un-patched for 12 months, although the unyielding’s web portal was also accessible using default logins, such as “admin admin” and “caller guest.”Lateral movement using those same credentials ultimately gave the attacker access to the domain controller and the remote desktop server, in above moreover to email and other sensitive information, reported ZDNet.“One of the learning products from this particular case study for at least the Australian superintendence is that we need to find a way to start to be a little bit more granular in our constricting to mandate what type of security controls are required,” Clarke implied.

Leave a Reply

Your email address will not be published. Required fields are marked *