US-based threat intelligence firm Cyber Engineering Services (CES) discovered the news after tapping secret communication infrastructure set up by hackers, and told investigative journalist Brian Krebs that China's elite cyber operations group “Comment Crew” – otherwise known as “PLA Unit 61398” – was behind the attack.
Krebs, writing on his KrebsOnSecurity website, says that the group stole “huge quantities of sensitive material” relating to the Arrow III missile interceptor between 2011 and 2012, with most of the 700 files (762 MB in size) containing intellectual property. These files were largely Word documents, PowerPoint presentations, PDFs, emails and spreadsheets.
The Arrow III missile interceptor forms part of Israel's US$1 billion (£590 million) Iron Dome Missile system, which was developed by the Israeli Defence Forces with Rafael Advanced Defense Systems. It is designed to intercept and destroy short-range rockets and artillery fired from up to 43 miles away and is said to have intercepted a fifth of the 2,000 rockets fired by Palestinian militants during the current conflict.
PLA Unit 61398 is alleged to have pilfered documents on missiles, unmanned aerial vehicles and ballistic rockets by infiltrating the computer systems of contractors Rafael Advanced Defense Systems, Israel Aerospace Industries (IAI) and Elisra Group – all of which have worked on the US-designed Arrow III missile in the past. One of the documents stolen from the IAI was a 900-page report on the schematics and specifications of the missile.
The group apparently breached the IAI on the back of a specially crafted phishing email, compromised privileged credentials and, once inside the respective company networks, installed various tools and Trojan horse programs to expand their access to sensitive files.
The news has led some people to speculate that China has plans to develop a missile defence system of its own.