Cyber Incident Victim: Rafael Advanced Defense Systems

Date: Oct 2011

Location: Israel

Summary

A cybersecurity breach targeted multiple Israeli defense contractors involved in developing missile defense technology, including Rafael Advanced Defense Systems. Attackers believed to be operating from China infiltrated corporate networks, exfiltrating substantial intellectual property related to critical military systems such as the Iron Dome air defense, Arrow III missiles, and unmanned aerial vehicles. The stolen documents included technical specifications and schematics regulated under U.S. International Traffic in Arms Regulations (ITAR), indicating sensitive defense data with restricted access. The compromised materials revealed detailed design elements of advanced missile systems. Affected firms largely dismissed or declined to address inquiries regarding the breaches, with one contractor characterizing the incident as outdated information but failing to provide evidence of prior disclosure. The theft underscored persistent vulnerabilities in protecting proprietary defense assets from coordinated cyber intrusions.

CIA Posture: Available to members
Motives: 3 motives
Tactics, Techniques & Procedures: 4 techniques
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

Between October 2011 and August 2012, hackers infiltrated the networks of three major Israeli defense contractors—Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems—responsible for developing the Iron Dome missile defense system. The attackers, suspected to originate from China, systematically exfiltrated extensive proprietary data over ten months. Cyber Engineering Services Inc. (CyberESI) uncovered the breach by monitoring the attackers' covert communication channels, revealing theft of technical documents covering Arrow III missile systems, Unmanned Aerial Vehicles (UAVs), ballistic rocket technology, and other defense-related intellectual property. The compromised materials included detailed schematics such as a 900-page Arrow 3 missile specification document from Israel Aerospace Industries. Much of the stolen data carried International Traffic in Arms Regulations (ITAR) designations, indicating U.S. government restrictions on its dissemination.

The breach occurred during heightened geopolitical tensions, with Iron Dome actively intercepting rockets in the Israel-Palestine conflict and the U.S. Congress debating $350 million in additional funding for the system. Neither Elisra nor Rafael acknowledged the intrusions or responded to inquiries about the incidents. Israel Aerospace Industries dismissed CyberESI’s findings as “old news” but provided no evidence of prior public disclosure or details about breach notifications to U.S. partners. The theft exposed sensitive defense technologies critical to regional security and raised concerns about potential ITAR violations due to the unauthorized transfer of controlled technical data. No remediation efforts, forensic findings, or post-incident security upgrades were disclosed by the affected organizations.
