As promised, please see below a quick update on my tip from the 1st of August – “Hacker Claims To Have Hacked Missile Manufacturer.” You can read the original tip below.
MBDA has confirmed on its website that the stolen data is legitimate, but they say it was acquired from a compromised external hard drive, not the company’s internal networks. They also say that the criminal group tried to blackmail them, and when they refused to pay, the data was released for sale on the dark web. Cybercriminals claim to have already sold data to at least one buyer.
Wishing you a great morning, day, or evening 🙂
Incognito Privacy Care Team
Original Tip from 1st August 2022:
This is a really scary one if true.
A group of hackers going by the name Adrastea claim to have hacked the multinational manufacturer of missiles, MBDA. MBDA is a European developer and manufacturer of missiles that resulted from the merger of the leading French, British and Italian missile systems companies Aérospatiale–Matra, BAE Systems, and Finmeccanica. MBDA comes from the initialism of the names of missile companies: Matra, BAe Dynamics, and Alenia.
They say that the stolen data includes
- Information about the employees of the company involved in military projects
- Commercial activities
- Contract agreements and correspondence with other companies.
This is what they said in a statement recently posted on a well know hacking forum:
“Hello! We are “Adrastea” – a group of independent specialists and researchers in the field of cybersecurity. We found critical vulnerabilities in your network infrastructure and gained access to the company’s files and confidential data. Currently, the volume of downloaded data is approximately 60 GB.” reads the ad published by the group on a popular hacker forum. “The downloaded data contains confidential and closed information about the employees of your company, which took part in the development of closed military projects of MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT etc.) and about the commercial activities of your company in the interests of the Ministry of Defense of the European Union (design documentation of the air defense, missile systems and systems of coastal protection, drawings, presentation, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics etc.).”
I am not surprised by this recent hack, as these big defense contractors are not as secure as you think. Remember, I told you about a time when we sent infected USB keys to security personnel in a top company, and nearly every one of them took the bait, plugged the keyfob into their work computer, and potentially infected their whole system. We did not hack them but instead displayed a message saying that we could have hacked them and to report to security training. We also witnessed a scenario where a Chinese hacker (state-sponsored?) was connected to one of the most secure networks in the world (cannot say names) and was siphoning data on new fighter jets for years without being detected.
As soon as I hear more about this, I will let you know.
All the best,
Incognito Privacy Care Team.