Cyber Incident Victim: Elbit Systems of America
Date: Jun 2022
Location: United States of America
Summary
A defense contractor subsidiary experienced a data breach following a ransomware attack, with unauthorized network activity prompting immediate system shutdowns and forensic investigation. The intrusion compromised employee personal information including names, addresses, Social Security numbers, birthdates, financial details, and ethnicity, affecting 369 individuals who received breach notifications and identity protection services. The Black Basta ransomware group claimed responsibility, subsequently leaking allegedly stolen payroll, audit, and confidentiality documents after the victim declined ransom demands. This incident follows prior cyber targeting against the same organization years earlier.
Description
On June 8, 2022, Elbit Systems of America, a Texas-based defense contractor and subsidiary of Israel’s Elbit Systems, experienced a cybersecurity incident involving unauthorized access to its network. The company detected unusual activity on its systems on the same day the breach occurred, prompting immediate containment measures that included shutting down the affected network infrastructure to prevent further intrusion. An investigation conducted with assistance from a cybersecurity firm determined that an attacker had potentially exfiltrated sensitive employee data, including names, addresses, Social Security numbers, dates of birth, direct deposit details, and ethnicity information. The breach impacted 369 individuals, whom Elbit notified in July 2022 via communications facilitated by a law firm. Affected parties were offered 12 months of complimentary identity protection and credit monitoring services. Elbit Systems of America specializes in defense, aviation, homeland security, and medical instrumentation solutions, though the specific systems compromised in the attack were not disclosed in public notifications.

The Black Basta ransomware group claimed responsibility for the attack in late June 2022, publishing a limited set of allegedly stolen documents on its Tor-based leak site, including payroll reports, audit documents, confidentiality agreements, and non-disclosure agreements. The gang’s announcement implied full public release of exfiltrated data, indicating Elbit did not comply with ransom demands. At the time of reporting, Black Basta’s leak site exhibited technical difficulties, displaying only partial records. This incident marked the second known cyberattack targeting Elbit Systems of America, following a 2018 event in which a hacker leaked account information purportedly obtained from the company’s systems. While Elbit acknowledged the 2018 targeting, it had not confirmed a definitive breach or data theft prior to the 2022 incident. No operational disruptions or additional consequences beyond the confirmed data exposure were detailed in regulatory filings or public statements.
