Hackers steal data from nuclear missile contractor

News by Rene Millman

Top secret nuclear missile data has been stolen from a US military contractor by hackers in an extortion attempt.

Cybercriminals gained access to systems owned by US military contractor Westech International, according to reports from Sky News. The hackers stole top secret nuclear missile data, encrypted hard drives and began leaking documents in an extortion attempt.

The breached company is a sub-contractor for Northrop Grumman, which provides engineering and maintenance support for the Minuteman III intercontinental ballistic missiles. Westech is based in Albuquerque and was formed in 1995 by Dr. Betty Chao.

Sky News said that the data taken from Westech and leaked online include company emails, payroll, and other “personal information”. The firm admitted it had been hacked and its systems encrypted, with investigations started to find out what data had been stolen.

“We recently experienced a ransomware incident, which affected some of our systems and encrypted some of our files. Upon learning of the issue, we immediately commenced an investigation and contained our systems. We have also been working closely with an independent computer forensic firm to analyse our systems for any compromise and to determine if any personal information is at risk,” it told Sky News in a statement.

The systems at the military contractor were encrypted using the Maze ransomware, which is available on Russian-speaking crime marketplaces on the dark web.

Matt Lock, technical director at Varonis, told SC Media UK that executives and boards must understand that cybercrime is no longer relegated to the realm of amateurs hoping to strike it rich with an untargeted ransomware attack.

“Organised cybercriminals are big-game hunting, and they are gunning for companies to take down. Companies are reaching a turning point where they understand that it’s inevitable, they will succumb to a cyberattack. It’s one reason why the principle of zero trust is gaining ground: You can’t trust users because any user could be compromised at any time,” he said.

“Sure, it’s important to train users about phishing, perform backups and patch systems. But what’s really scary is the idea that criminal groups will steal important data before they encrypt it and hold it for ransom. Talk about adding insult to injury: a company could pay the ransom, only to have their files leaked.”

Tony Cole, CTO at Attivo Networks, told SC Media UK that this is yet another high-profile example of a contractor being inadvertently used by threat actors to carry out a ransomware attack.

“To deal effectively with ransomware, organisations need to move from reactive, incident response to an anticipatory, threat preparedness mindset. Practical measures include ensuring all data is backed up with copies kept offline. Other steps include maintaining a secure infrastructure in line with NIST, ISO, or NCSC standards. Additionally, put in place a mechanism to cover lateral movement and ransomware detection and mitigation. Create, exercise, and update your incident response plan at least yearly. Keep your systems updated and have the latest patches,” he said.

Northrop Grumman and the US Department of Defence have yet to comment on the incident.
