Cyber Incident Victim: Israel Aerospace Industries
Date:
Oct 2011
Location:
Israel
Summary
Hackers suspected of operating from China breached multiple Israeli defense contractors, including Israel Aerospace Industries, compromising sensitive documents related to missile defense systems such as Iron Dome, Arrow III missiles, unmanned aerial vehicles, and ballistic rockets. The attackers exfiltrated substantial intellectual property, including technical specifications and schematics regulated under U.S. International Traffic in Arms Regulations (ITAR). The victim company dismissed reports of the breach as outdated without confirming details or disclosing whether U.S. partners were notified, while investigators highlighted the theft's significance given the proprietary military technology involved.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between October 2011 and August 2012, three major Israeli defense contractors—Elisra Group, Israel Aerospace Industries (IAI), and Rafael Advanced Defense Systems—experienced sustained cyber intrusions by attackers suspected to originate from China. These companies were integral to developing Israel’s Iron Dome missile defense system, which was actively intercepting rockets during concurrent regional conflicts. The attackers infiltrated corporate networks and exfiltrated substantial volumes of sensitive technical documents over a ten-month period. Stolen data included proprietary schematics, specifications, and intellectual property related to critical defense projects such as the Arrow III missile system, Unmanned Aerial Vehicles (UAVs), ballistic rocket technology, and other aerospace systems. The compromised information directly pertained to Israel’s layered air defense capabilities, including components of the Iron Dome system credited with intercepting approximately 20% of over 2,000 rockets fired at Israel during hostilities at the time. U.S. legislative efforts to allocate $350 million in additional Iron Dome funding underscored the strategic importance of the compromised technologies.
Columbia, Maryland-based Cyber Engineering Services Inc. (CyberESI) uncovered the breaches by monitoring the attackers’ covert communication channels, revealing the scale and duration of data theft. Among the stolen materials were documents marked under International Traffic in Arms Regulations (ITAR), U.S. controls restricting defense-related technical data sharing, including a 900-page Arrow 3 missile specification document from IAI. When confronted, IAI dismissed CyberESI’s findings as “old news” but could not cite prior public disclosures of the incident. The company declined to confirm whether it notified U.S. partners about the breach or answer specific questions regarding the compromise. Elisra and Rafael did not respond to inquiries about the intrusions. The exfiltrated data’s alignment with Iron Dome’s operational requirements suggested attackers sought insights into Israel’s air defense infrastructure during a period of heightened regional missile threats and international defense collaboration.