Unclassified but “sensitive” information about Australia’s advanced aircraft has been stolen from a government contractor.
Australian officials said on Thursday that about 30 gigabytes of data had been stolen in a cyber attack, including details of the F-35 Joint Strike Fighter warplane and P-8 Poseidon surveillance aircraft.
“Fortunately, the data that has been taken is commercial data, not military data… it’s not classified information,” Defense Industry Minister Christopher Pyne told Australian Broadcasting Corporation (ABC) Radio. “I don’t know who did it.”
“It could be one of a number of different actors,” Pyne added. “It could be a state actor, [or] a non-state actor. It could be someone who was working for another company.”
Government reports said the hacker had infiltrated the system in July 2016 but authorities in Australian Signals Directorate (ASD) spy agency were only alerted in November.
Describing the hack as “extensive and extreme,” ASD incident response manager Mitchell Clarke told a Sydney security conference that the attacker had exploited a weakness in software being used by the government contractor. The software had not been updated for 12 months.
F-35 stealth fighters are the US’s latest generation of fighter jets, and the P-8 is an advanced submarine hunter and surveillance aircraft.
Clarke, declining to reveal the name of the contractor, said technical data about the stealth fighters and P8 had been stolen. He said a wireframe diagram of one of the Australian navy’s new ships — where a viewer could “zoom in down to the captain’s chair” — had also been stolen.
A spokesman for the Australian Cyber Security Center (ACSC) said the cyber attack had been carried out by a “malicious cyber adversary,” adding, however, that Sydney would not release further details about the incident.
Australian officials say that the country is increasingly a target of cyber criminals as it aims to undertake a massive USD 39-billion submarine project described as the world’s largest.
Australia’s Assistant Minister for Cyber Security Dan Tehan said on Tuesday that there had been 47,000 cyber incidents in the past 12 months, up by 15 percent from the previous year. A key worry was the 734 attacks that hit private sector national interest and critical infrastructure providers during the period, Tehan added.
In 2016, the ACSC revealed that foreign spies installed malicious software on the Bureau of Meteorology’s system and stole an unknown number of documents.