Facepalm: A report out today indicates that the US Navy has been hacked by China several times over the last year and a half. The attackers use tools common in China, and at least one IP address was traced back to the communist state. The Secretary of the Navy has ordered a full review of the military branch's security measures.
Earlier this week we brought you news that officials suspect China was behind the Marriott/Starwood hotel breech that exposed the records of 500 million guests. The hack raised concerns that the global adversary could be planning further attacks to the US energy, financial, transportation, and healthcare infrastructures. It seems the situation is even worse.
On Friday, the Wall Street Journal reported that Chinese hackers have successfully carried out several attacks on US Navy contractors over the last 18 months. The bad actors have stolen data which included ship maintenance information. The attackers also exfiltrated weapon data pertaining to a “supersonic anti-ship missile.”
The hackers seemed to have mainly focused on smaller contractors that had less secure networks. Some of the targets include military research labs at universities.
According to National Security Agency officials, the hacks have clear identifying markers that indicate China was behind the attacks. Clues specifically point to Beijing and other territories. Among the evidence are traces of hacking tools that are commonly used by Chinese black hat groups and an accidentally uncovered IP address traced back to Hainan Island, a state province.
Navy Secretary Richard Spencer has ordered a full investigation of the Navy’s cybersecurity weaknesses.
“Attacks on our networks are not new, but attempts to steal critical information are increasing in both severity and sophistication,” read a memo penned by Spencer in October notes WSJ. “We must act decisively to fully understand both the nature of these attacks and how to prevent further loss of vital military information.”
The Navy did not specify precisely how many attacks it has suffered over the last 18 months only saying that it was “more than a handful.”
Chinese officials continually deny that they engage in cyber attacks, and they have not responded to requests for comment on these specific breaches.