Top secret nuclear missile data has now been stolen from a US military contractor by hackers in what appears to be an attempt at extortion.
It has just been made public, according to reports broadcast on Sky News, that cyber-criminals gained access to systems owned by US military contractor Westech International. The hackers stole top secret nuclear missile data, encrypted hard drives & began leaking documents in a presumed blackmail attempt.
This company is a sub-contractor for Northrop Grumman, which provides engineering & maintenance support for the silo-based US Minuteman III intercontinental ballistic missiles. Westech is based in Albuquerque, NM & was formed in 1995 by Dr. Betty Chao.
Sky News reported that the data taken from Westech & leaked online includes company emails, payroll records, & what was described as other “personal information”. The company has now admitted it had been hacked & its systems encrypted, with an urgent investigation now under way to establish exactly what data had been taken.
“We recently experienced a ransomware incident, which affected some of our systems and encrypted some of our files. Upon learning of the issue, we immediately commenced an investigation and contained our systems.
We have also been working closely with an independent computer forensic firm to analyse our systems for any compromise and to determine if any personal information is at risk,” a Westech statement informed Sky News.
The systems at the military contractor were encrypted using the ‘Maze’ ransomware, which is traded on Russian-speaking criminal forums on the Dark Web.
Matt Lock, Technical Director at Varonis, explained that executives and boards must understand that cyber-crime is no longer simply the preserve of amateurs hoping to make money with a random, untargeted ransomware attack.
“Organised cyber-criminals are ‘big-game hunting’, & they are gunning for companies to take down. Companies are reaching a turning point where they understand that it is inevitable that they will succumb to a cyber-attack. It’s one reason why the principle of zero trust is gaining ground: you can’t trust users because any user could be compromised at any time,” he warned.
“Sure, it’s important to train users about phishing, perform backups & patch systems. But what is really scary is the idea that criminal groups will steal important data before they encrypt it & hold it for ransom. Talk about ‘adding insult to injury’: a company could pay the ransom, only to have their files leaked.”
Tony Cole, CTO at Attivo Networks, commented further that this is yet another worrying high-profile case of a contractor being unwittingly used by bad actors to carry out a ‘high-end’ ransomware attack.
“To deal effectively with ransomware, organisations need to move from a reactive incident response to an anticipatory, threat preparedness mindset. Practical measures include ensuring all data is backed up with copies kept offline. Other steps include maintaining a secure infrastructure in line with NIST, ISO, or NCSC standards.”
“Additionally, put in place a mechanism to cover lateral movement & ransomware detection & mitigation. Create, exercise, & update your incident response plan at least yearly. Keep your systems updated & have the latest patches,” he advised.
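The advice above to have a "ransomware detection" mechanism is left at a high level. As an added illustration (not code from the article, Attivo Networks or Westech), the following script runs a simple burst detector over constructed file-audit log lines: a host that renames many files to a new extension within a short window, as file-encrypting ransomware does when it appends its own suffix, is flagged. The log format, host names, paths and thresholds are all assumptions made up for this example.

```python
"""Toy ransomware-activity detector over constructed file-audit log lines.

Added example; not part of the original article. It flags a host when it
renames at least THRESHOLD files to a different extension within WINDOW,
which is one of the signals a ransomware detection control would look for.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

THRESHOLD = 5                 # suspicious renames needed to raise an alert (assumed)
WINDOW = timedelta(seconds=10)  # sliding window over which they are counted (assumed)

# Constructed sample log: "<ISO time> <host> <op> <old path> -> <new path>".
# ws-12 renames six spreadsheets to ".locked" in a few seconds; ws-07 is benign.
SAMPLE_LOG = """\
2020-06-01T09:00:01 ws-07 RENAME /srv/share/draft.docx -> /srv/share/final.docx
2020-06-01T09:00:02 ws-12 RENAME /srv/share/q1.xlsx -> /srv/share/q1.xlsx.locked
2020-06-01T09:00:02 ws-12 RENAME /srv/share/q2.xlsx -> /srv/share/q2.xlsx.locked
2020-06-01T09:00:03 ws-12 RENAME /srv/share/q3.xlsx -> /srv/share/q3.xlsx.locked
2020-06-01T09:00:03 ws-07 MODIFY /srv/share/final.docx
2020-06-01T09:00:04 ws-12 RENAME /srv/share/q4.xlsx -> /srv/share/q4.xlsx.locked
2020-06-01T09:00:04 ws-07 RENAME /srv/share/report.tmp -> /srv/share/report.pdf
2020-06-01T09:00:05 ws-12 RENAME /srv/share/q5.xlsx -> /srv/share/q5.xlsx.locked
2020-06-01T09:00:06 ws-12 RENAME /srv/share/q6.xlsx -> /srv/share/q6.xlsx.locked
"""


def parse_line(line):
    """Return (timestamp, host, old_path, new_path) for a RENAME line, else None."""
    parts = line.split(" ", 3)
    if len(parts) < 4 or parts[2] != "RENAME" or " -> " not in parts[3]:
        return None
    old, new = parts[3].split(" -> ", 1)
    return datetime.fromisoformat(parts[0]), parts[1], old, new


def extension_changed(old, new):
    """True when the rename changes the file's extension (e.g. .xlsx -> .locked)."""
    return os.path.splitext(old)[1].lower() != os.path.splitext(new)[1].lower()


def detect_burst(lines, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of extension-changing renames per host.

    Returns {host: (time_of_alert, new_extension)} for each host that crosses
    the threshold; only the first alert per host is kept.
    """
    recent = defaultdict(deque)  # host -> timestamps of suspicious renames
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, old, new = parsed
        if not extension_changed(old, new):
            continue  # benign: same extension kept (draft.docx -> final.docx)
        queue = recent[host]
        queue.append(ts)
        while queue and ts - queue[0] > window:
            queue.popleft()  # drop events that fell out of the window
        if len(queue) >= threshold and host not in alerts:
            alerts[host] = (ts, os.path.splitext(new)[1])
    return alerts


if __name__ == "__main__":
    for host, (when, ext) in detect_burst(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {when.isoformat()} {host}: burst of renames to '{ext}'")
```

A single extension change (ws-07's report.tmp to report.pdf) never reaches the threshold, so only ws-12 is reported. In production the same idea would sit on top of real file-audit events (for example from a file server or EDR), be tuned per share, and feed an automated response such as isolating the host, which is the "mitigation" half of the quoted advice.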
Northrop Grumman & the US Department of Defense have yet to comment on the incident. It is to be hoped that US national security has not been compromised, and that the stolen personnel details are not used to attempt to recruit or compromise individual staff members.