Hackers from the Chinese Ministry of State Security who broke into the systems of a contractor working for the U.S. Naval Undersea Warfare Center stole 614GB of sensitive information, including plans for a supersonic anti-ship missile to be launched from a submarine.
The hacks, which occurred in January and February, according to a report in the Washington Post, yielded details on the Sea Dragon missile program, which was created in 2012 to adapt existing military technology to new uses.
“We saw a similar attack when the Dragonfly group gained direct access to the U.S. power grid through a vulnerable third party. That makes two significant, successful breaches targeting highly sensitive materials that have occurred through third parties,” said Fred Kneip, CEO, CyberGRX. “It’s an effective approach because large organizations have thousands of contractors, vendors and suppliers that they interact with – and any one of them could be the way in.”
The breach demonstrates that “even an entity as highly regulated and classified as the federal government is not immune from the danger posed by third-party vulnerabilities,” said Ruchika Mishra, director of product marketing for Balbix, who concurred that since hackers commonly use third parties as entry points, “it makes sense that similar patterns would hold true for nation-states looking to breach their adversaries’ cyber defenses.”
The Pentagon and the FBI are investigating the breach.