Cyber Incident Victim: Westech International
Date: Jun 2020
Location: United States of America
Summary
A US nuclear missile contractor supporting the Minuteman III intercontinental ballistic missile system suffered a ransomware attack involving data theft and system encryption. Cybercriminals using MAZE ransomware exfiltrated sensitive information including payroll records and emails, subsequently leaking documents to pressure payment. The incident raised national security concerns due to potential access to military-related data and the ransomware's connections to Russian cybercrime markets, with experts warning stolen information could be sold to hostile states despite ransom payments. The victim organization confirmed the breach and ongoing investigations into the scope of compromised data while continuing its role in maintaining critical nuclear deterrent infrastructure.
Description
On or around June 3, 2020, cyber extortionists breached the computer network of Westech International, a subcontractor providing engineering and maintenance support for Northrop Grumman’s Minuteman III intercontinental ballistic missile program. The attackers deployed MAZE ransomware to encrypt the company’s machines, rendering systems inaccessible. Concurrently, they exfiltrated sensitive internal data, including payroll records and corporate emails, later leaking portions online to coerce payment. While investigations were ongoing to determine the full scope of stolen information, preliminary analysis of leaked files indicated the compromise of highly sensitive operational data. Westech confirmed the intrusion and encryption of its systems to Sky News but did not disclose whether classified military material related to the nuclear deterrent program was affected. The Minuteman III systems involved constitute the land-based component of the U.S. nuclear triad, housed in hardened underground silos operated by the U.S. Air Force.

The incident raised concerns among cybersecurity experts regarding potential national security implications, particularly if stolen data was transferred to hostile nation-states. Brett Callow of Emsisoft highlighted the MAZE ransomware’s proliferation via Russian cybercrime markets and its affiliate-based operational model, which enables widespread distribution among criminal groups. Westech initiated investigations to catalog the exfiltrated data but had not confirmed whether it engaged with the attackers or paid a ransom. Experts cautioned that even if ransoms were paid, criminals might still monetize or publish stolen data independently. The breach underscored vulnerabilities in supply chain security for critical defense infrastructure, given Westech’s role in maintaining systems integral to nuclear deterrence. No further technical details regarding intrusion vectors, detection timelines, or containment measures were disclosed by the company or authorities at the time of reporting.
