WASHINGTON — The 2016 hacking of an Australian company, which resulted in the theft of data from military programs like the F-35 and P-8 surveillance aircraft, did not compromise any classified information linked to the joint strike fighter, the F-35 program office has confirmed.
“The F-35 Joint Program Office is aware of this supplier cyber breach that compromised non-classified data in the summer of 2016,” Joe DellaVedova, spokesman for the F-35 joint program office, told Defense News. “No classified F-35 information was compromised.”
During an interview with Australian Broadcasting Corporation radio cited by Reuters, Christopher Pyne, Australia’s minister for defense industry, confirmed that about 30 gigabytes of data had been stolen during the attack, and said that the Australian government still does not know who the attacker was.
The intrusion was first reported by technology news site ZDNet on Wednesday, which cited the recently released the Australian Cyber Security Centre’s 2017 threat report.
“In November 2016, the ACSC became aware that a malicious cyber adversary had successfully compromised the network of a small Australian company with contracting links to national security projects,” the ACSC stated in the report. “ACSC analysis confirmed that the adversary had sustained access to the network for an extended period of time and had stolen a significant amount of data.”
“Analysis showed that the adversary gained access to the victim network by exploiting an internet-facing server, then using administrative credentials to move laterally within the network, where they were able to install multiple webshells — a script that can be uploaded to a webserver to enable remote administration of the machine — throughout the network to gain and maintain further access,” the report continued.
Other defense products impacted by the hack include the C-130 Hercules transport plane, the Joint Direct Attack Munition and several unnamed Australian naval vessels, ZDNet stated.