According to the 2017 threat report released by the Australian Cyber Security Centre (ACSC), the Australian Signals Directorate (ASD) was alerted by a “partner organisation” that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.
Restricted technical data on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and “a few Australian naval vessels” were among the data stolen from a small Australian defence contractor in November 2016.
The target was described as a “small Australian company with contracting links to national security projects”. The attacker had “sustained access to the network for an extended period of time” and had stolen a “significant amount of data”.
The secret information was restricted under the International Traffic in Arms Regulations (ITAR), the US system designed to regulate the export of defence and military-related technologies, according to Mitchell Clarke, an incident response manager at the ASD who worked on the case. One document was a wireframe diagram of “one of the navy’s new ships”.
The attacker had been in the network since at least mid-July 2016, with data exfiltration taking place roughly two weeks later. ASD refers to the three months between the attacker gaining access and the ASD becoming aware of it as “Alf’s Mystery Happy Fun Time”, Alf being named after the Home and Away character.