Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack

Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company’s systems.

In a notification to the Maine Attorney General’s office, the Fort Worth, Texas-based company said the breach occurred on June 8 and it was discovered the same day. It said only 369 people are affected.

A notification sent out to impacted customers by a law firm on behalf of Elbit said the company discovered the breach after noticing unusual activity on its network. The network was immediately shut down and steps were taken to secure the environment.

An investigation assisted by a cybersecurity firm revealed that the attacker may have acquired information belonging to certain employees, including name, address, social security number, date of birth, direct deposit information, and ethnicity.

Impacted individuals were notified in July and offered 12 months of free identity protection and credit monitoring services, the company said.

Elbit Systems of America provides defense, commercial aviation, homeland security, medical instrumentation, law enforcement, and sustainment and support solutions.

The Black Basta ransomware gang announced hacking Elbit Systems of America in late June. The group’s Tor-based leak website suggests that all of the files stolen from Elbit have been made public, which indicates that the defense company has refused to pay the ransom demanded by the hackers.

The Black Basta website was very slow at the time of writing and it only displayed a few documents allegedly stolen from the defense contractor, including a payroll report, an audit report, a confidentiality agreement, and a non-disclosure agreement.

[Image: Elbit hacked by Black Basta ransomware]

SecurityWeek has reached out to Elbit for more information about the incident and will update this article if it responds.

The Black Basta ransomware operation emerged in April and cybersecurity researchers have found links to the notorious Conti group. The operation employs a double extortion strategy that involves encrypting files and stealing valuable data from compromised systems in an effort to increase its chances of getting paid. The group has become a major threat, with roughly 100 victims currently listed on the Black Basta leak website.

This is not the first time Elbit Systems of America has been targeted by hackers. In 2018, the company admitted being targeted after a hacker leaked account information allegedly stolen from its systems. At the time, however, it did not confirm an actual breach or the theft of data.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
