Cyber Incident Victim: Israeli Defense Contractors
Date: Oct 2011
Location: Israel
Summary
Hackers believed to operate from China breached three Israeli defense contractors involved in developing missile defense systems, including components of the Iron Dome. The attackers exfiltrated substantial intellectual property covering missile schematics, unmanned aerial vehicle technology, and ballistic rocket systems, with stolen documents containing U.S. International Traffic in Arms Regulations markings indicating restricted technical data. The compromised materials included detailed specifications for advanced defense projects, though victim firms provided limited public acknowledgment of the incidents.
Description
Between October 2011 and August 2012, three prominent Israeli defense contractors—Elisra Group, Israel Aerospace Industries (IAI), and Rafael Advanced Defense Systems—experienced sustained cyber intrusions resulting in the theft of sensitive military technology documents. Threat intelligence firm Cyber Engineering Services Inc. (CyberESI) identified these breaches through monitoring of the attackers' covert communication channels. The hackers systematically exfiltrated intellectual property related to critical defense systems, including detailed specifications for Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rocket technology, and components of Israel's Iron Dome air defense system. CyberESI attributed the attacks to threat actors operating from China based on infrastructure analysis, though no formal attribution was confirmed by governmental entities. The compromised data included approximately 900 pages of schematics for the Arrow 3 missile from IAI alone, with many documents bearing International Traffic in Arms Regulations (ITAR) designations restricting their distribution under U.S. export controls.

The breaches impacted proprietary technologies central to Israel's missile defense capabilities during active conflict, with Iron Dome having intercepted 20% of over 2,000 rockets fired at Israel prior to the incidents' disclosure in 2014. U.S. congressional deliberations on providing $350 million in additional funding for Iron Dome development coincided with public revelation of the compromises. Elisra Group and Rafael Advanced Defense Systems did not respond to inquiries about the breaches, while IAI dismissed CyberESI's findings as "old news" but could not produce evidence of prior public reporting. None of the firms confirmed whether U.S. defense partners were notified about the data theft. The exfiltration of ITAR-controlled documents raised concerns about potential violations of U.S. defense trade regulations and unauthorized technology transfer. Security analysts emphasized the incidents demonstrated persistent vulnerabilities in protecting military-industrial assets from advanced persistent threats targeting restricted weapons systems data.
