Dan Tehan, the minister in charge of cyber security, on Tuesday confirmed the hacking of an unnamed contractor.
F-35 Joint Program Office acknowledges breach, says no classified data was stolen.
Secret information about new fighter jets, navy vessels and surveillance aircraft has been stolen from an Australian defence contractor.
The Australian Cyber Security Centre (ACSC) noted in its just-issued 2017 Threat Report that a small Australian defense company “with contracting links to national security projects” had been the victim of a cyber-espionage attack detected last November.
About 30 gigabytes of data was compromised in the hack on a government contractor, including details about new fighter planes and navy vessels.
During an interview with Australian Broadcasting Corporation radio cited by Reuters, Christopher Pyne, Australia’s minister for defense industry, confirmed that about 30 GB of data had been stolen during the attack, and said that the Australian government still does not know who the attacker was.
The data included commercially sensitive material on defence projects including the $14 billion Joint Strike Fighter program, the P-8 Poseidon surveillance plane and several naval ships.
The investigation by Australian Signals Directorate (ASD) found the company had not changed its default passwords on its internet facing services.
According to ASD incident response manager Mitchell Clarke, the cyber thief hacked into the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.
The P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft and the Joint Direct Attack Munition (JDAM) smart bomb kit were also among the sensitive data stolen from a small Australian defence contractor in 2016, ZDNet reports.
The 2016 hacking of an Australian company, which resulted in the theft of data from military programs like the F-35 and P-8 surveillance aircraft, did not compromise any classified information linked to the joint strike fighter, the F-35 program office has confirmed.
“The F-35 Joint Program Office is aware of this supplier cyber breach that compromised non-classified data in the summer of 2016,” Joe DellaVedova, spokesman for the F-35 joint program office, told Defense News. “No classified F-35 information was compromised.”
The breach was achieved by “exploiting an Internet-facing server,” the ACSC reported, “then [by] using administrative credentials to move laterally within the network, where they were able to install multiple webshells—a script that can be uploaded to a webserver to enable remote administration of the machine—throughout the network to gain and maintain further access.”
A US State Department official declined to comment on the subject but said that “as a general matter, we can say that the State Department expects all individuals and companies to take necessary steps to safeguard sensitive defense technologies to fully comply with International Traffic in Arms Regulations”.