The Australian Signals Directorate (ASD) has revealed that a cyber-hack last year gained access to the restricted technical information on the F-35 Joint Strike Fighter, Australian naval vessels and defense aircraft.
According to ASD incident response manager Mitchell Clarke, the cyber thief hacked into the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.
The P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft and the Joint Direct Attack Munition (JDAM) smart bomb kit were also among the sensitive data stolen from a small Australian defence contractor in 2016, ZDNet reports.
Clarke gave a presentation at the Australian Information Security Association (AISA), revealing ASD was alerted to the hack of the defence contractor by a "partner organisation”.
"The company ... is very small, they run their own network, it's a network that's supported by one IT person. The rest of the company is either engineering staff or support staff to the engineering workforce," Clarke said.
The stolen information fell under the International Traffic in Arms Regulations (ITAR), a US regulatory regime that restricts and controls the export of defence and military related technologies.
In his highly detailed presentation, Clarke explained that the hacker had been in the network since at least mid July 2016, with data extrusion commencing roughly two weeks later.
Clarke's presentation also revealed the hacker had minimal trouble gaining access to the information, explaining that, while the defence contractor's network was small and vulnerable to threats, the ASD investigation found that its internet-facing services still had their default passwords.