Chinese Hackers Comment Crew stole plans of Iron Dome Defense System

Pierluigi Paganini July 29, 2014

The security firm CyberESI revealed that Chinese hackers, alleged members of the Comment Crew group, breached the corporate networks of top Israeli defense companies.

Once again the news concerns Chinese hackers, alleged members of the Comment Crew group, who conducted a cyber espionage campaign. This time it has been reported that the attackers breached the networks of three Israeli defense contractors and stole blueprints for Israel’s Iron Dome missile defense system.
 
The Israeli Iron Dome is the technology that allows Israel to intercept rockets fired at its territory; it has been estimated that approximately one-fifth of the more than 2,000 rockets that Palestinian militants have fired at Israel during the current conflict were intercepted by this defense system.
 
“The U.S. Congress is currently wrangling over legislation that would send more than $350 million to Israel to further development and deployment of the missile shield technology. If approved, that funding boost would make nearly $1 billion from the United States over five years for Iron Dome production, according to The Washington Post.”

An investigation by the Maryland-based cyber security firm Cyber Engineering Services Inc. (CyberESI) revealed the disconcerting reality; the firm also reported that the Chinese hackers accessed plans for other missile interceptors, including drones, ballistic rockets and the Arrow III missile interceptor, which was designed by Boeing and other US-based companies.


In February 2013, the Mandiant Intelligence Center released an interesting report on a large-scale cyber espionage campaign dubbed APT1. The term APT1 refers to one of the numerous cyber espionage campaigns, the one that has stolen the greatest quantity of information worldwide. After the disclosure of the Mandiant report the Comment Crew went dark; Alex Lanstein, senior researcher at FireEye, explained that the Comment Crew was still operating covertly after an apparent period of rest.

“They took a little breather, and they started back up,” he said.

Security researchers noted that after the intense activity observed in early 2013 the group stopped using its infrastructure and suspended attacks against the companies it had initially targeted; in reality, the Comment Crew group started new campaigns against new and old targets from different infrastructure.

“We didn’t see them take control of any of the systems they had previously compromised,” Lanstein revealed. “They started fresh with a whole new round of attacks.”

The Mandiant report blamed the Chinese military unit “61398” for a series of cyber attacks that compromised 141 organizations over seven years. Experts at Mandiant identified a common pattern in the attacks originating from Chinese sources, also defining a series of key indicators for identifying ongoing APT attacks.

CyberESI revealed that the Chinese hackers breached the corporate networks of top Israeli defense companies, including Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems, which were engaged in the development of the “Iron Dome” missile shield. The attackers hit the Israeli companies through spear-phishing attacks conducted between October 10, 2011 and August 13, 2012.
 
“Joseph Drissel, CyberESI’s founder and chief executive, said the nature of the exfiltrated data and the industry that these companies are involved in suggests that the Chinese hackers were looking for information related to Israel’s all-weather air defense system called Iron Dome.” reported Brian Krebs in a blog post.
 
The Comment Crew team maintained persistent access to the IAI network, which allowed it to steal administrator credentials, implant malware and dump Active Directory data from at least two domains. The Comment Crew hackers exfiltrated every type of document, including emails and Office documents that also contained information about Iron Dome and other sophisticated ballistic projects. Experts at CyberESI identified more than 700 documents that were stolen from Israel Aerospace Industries (IAI).

“All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB total size — that were exfiltrated from IAI’s network during the compromise. The security firm said most of the data acquired was intellectual property and likely represented only a small portion of the entire data loss by IAI.”

“The intellectual property was in the form of Word documents, PowerPoint presentations, spread sheets, email messages, files in portable document format (PDF), scripts, and binary executable files,” CyberESI wrote in a lengthy report produced about the breaches.

The experts identified a similar attack pattern in the offensive against the company Elisra, a data breach that according to CyberESI began in October 2011 and persisted intermittently until July 2012.
The worrying aspect of this disconcerting discovery is that the stolen information, once in the wrong hands, could represent a serious menace to Israel and its population.

Pierluigi Paganini

Security Affairs – (Iron Dome, cyber espionage)