Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack

Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, has confirmed suffering a data breach, a few months after a ransomware gang claimed to have hacked the company’s systems.

In a notification to the Maine Attorney General’s office, the Fort Worth, Texas-based company said the breach occurred on June 8 and it was discovered the same day. It said only 369 people are affected.

A notification sent out to impacted customers by a law firm on behalf of Elbit said the company discovered the breach after noticing unusual activity on its network. The network was immediately shut down and steps were taken to secure the environment.

An investigation assisted by a cybersecurity firm revealed that the attacker may have acquired information belonging to certain employees, including name, address, social security number, date of birth, direct deposit information, and ethnicity.

Impacted individuals were notified in July and offered 12 months of free identity protection and credit monitoring services, the company said.

Elbit Systems of America provides defense, commercial aviation, homeland security, medical instrumentation, law enforcement, and sustainment and support solutions.

The Black Basta ransomware gang announced in late June that it had hacked Elbit Systems of America. The group’s Tor-based leak website suggests that all of the files stolen from Elbit have been made public, which indicates that the defense company has refused to pay the ransom demanded by the hackers.

The Black Basta website was very slow at the time of writing and it only displayed a few documents allegedly stolen from the defense contractor, including a payroll report, an audit report, a confidentiality agreement, and a non-disclosure agreement.

SecurityWeek has reached out to Elbit for more information about the incident and will update this article if it responds.

The Black Basta ransomware operation emerged in April and cybersecurity researchers have found links to the notorious Conti group. The operation employs a double extortion strategy that involves encrypting files and stealing valuable data from compromised systems in an effort to increase its chances of getting paid. The group has become a major threat, with roughly 100 victims currently listed on the Black Basta leak website.

This is not the first time Elbit Systems of America has been targeted by hackers. In 2018, the company admitted being targeted after a hacker leaked account information allegedly stolen from its systems. At the time, however, it did not confirm an actual breach or the theft of data.


Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.