Top Australia Defence company Austal notifies a serious security breach
3.11.2018 securityaffairs
BigBrothers

Austal, a top Australia defence firm reports also working with the United States Navy has suffered a serious security breach.
Austal, a top Australia defence firm reports working with the US Navy has suffered a serious security breach, hackers accessed to personnel files and that it was the subject of an extortion attempt.

Austal reported the data breach to the Australian Securities Exchange (ASX) on Thursday evening, it also notified affected “stakeholders”.

“Austal Limited (ASX:ASB) advised that its Australian business has detected and responded to a breach of the company’s data management systems by an unknown offender.” reads the data breach notification published by the company.

“Austal Australia’s Information Systems and Technology (IS&T) team have restored the security and integrity of the company’s data systems and have implemented, and continues to implement, additional security measures to prevent further breaches. A small number of stakeholders who were potentially directly impacted have been informed.”

Australian Cyber Security Centre (ACSC) and the Australian Federal Police have launched an investigation on the security breach.

According to the company the security breach has had no impact on ongoing operations, experts also pointed out the Austal’s business in the United States was not affected by the incident because it leverages on a separate IT infrastructure.

Austal claimed that the breach doesn’t expose information affecting national security or the commercial operations of the company.

“No company wants to lose control of its information, but there is no evidence to date to suggest that information affecting national security nor the commercial operations of the company have been stolen: ship design drawings which may be distributed to customers and fabrication sub-contractors or suppliers are neither sensitive nor classified.” continues the notification.

Austal Multi-Role Vessel

Hackers gained access to the personnel email addresses and mobile phone numbers, attackers purported to offer them for sale online and “engage in extortion”.

“Following the breach the offender purported to offer certain materials for sale on the internet and engage in extortion. The company has not and will not respond to the extortion attempts.” continues the note.

Australia’s department of defence declared it “can confirm that no compromise of classified or sensitive information or technology has been identified so far.”

Austal has manufactured over 260 vessels for more than 100 operators in its 28-year history, it has won a contract to build littoral combat ships for the US Navy.

Defence contractors are a privileged target for hackers, stolen information could be used in targeted attacks or can be resold on the cybercrime underground. Recently experts from the Italian cyber security firm Yoroi uncovered a mysterious hacking campaign aimed at Italian Naval industry companies.