Cyber Incident Victim: Elisra Group
Date: Oct 2011
Location: Israel
Summary
Hackers compromised three Israeli defense contractors, including Elisra Group, stealing a substantial volume of sensitive documents related to critical missile defense technologies such as the Iron Dome system, Arrow III missiles, unmanned aerial vehicles, and ballistic rockets. The attackers, believed to operate from China, exfiltrated proprietary intellectual property and technical specifications, many controlled under U.S. International Traffic in Arms Regulations (ITAR). The breach involved unauthorized access to corporate networks over an extended period, resulting in significant theft of restricted defense materials. While one contractor dismissed the findings as outdated, others did not respond to inquiries about the security incidents or potential notifications to U.S. partners.
Description
Between October 10, 2011, and August 13, 2012, hackers compromised three Israeli defense contractors involved in developing the Iron Dome missile defense system: Elisra Group, Israel Aerospace Industries (IAI), and Rafael Advanced Defense Systems. The attackers, assessed by threat intelligence firm Cyber Engineering Services Inc. (CyberESI) to be operating from China, infiltrated corporate networks and exfiltrated substantial volumes of sensitive technical documents. Stolen data included intellectual property related to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and other defense technologies aligned with the contractors' specializations. CyberESI confirmed the theft by monitoring the attackers' covert communication channels, revealing sustained data transfers over ten months. Many compromised documents carried International Traffic in Arms Regulations (ITAR) designations, U.S. State Department controls restricting access to defense-related technical data. Among the stolen materials was a 900-page IAI document detailing schematics and specifications for the Arrow 3 missile system. The breaches occurred during a period of heightened regional conflict, with Iron Dome actively intercepting rockets fired at Israel.

The incident was not publicly disclosed until CyberESI's 2014 findings, and there was no prior media coverage of the breaches. Elisra Group and Rafael Advanced Defense Systems did not respond to inquiries about the intrusions. IAI dismissed CyberESI's report as "old news" but failed to produce evidence of earlier disclosures or answer specific questions about breach notifications to U.S. partners. The theft implicated U.S. national security interests due to ITAR-controlled documents and ongoing Congressional deliberations to allocate $350 million for Iron Dome development. Exfiltrated data potentially compromised proprietary details of systems credited with intercepting 20% of rockets targeting Israel during active hostilities. No remediation actions, technical containment measures, or forensic findings from the affected companies were disclosed in available reporting. The breaches demonstrated persistent targeting of defense contractors by advanced threat actors seeking restricted military technologies.
