KrebsOnSecurity has a story discussing an old intrusion.
The manufacturers of the successful Iron Dome anti-missile shield, Elisra Group, Israel Aerospace Industries, and Rafael Advanced Systems, found out they had been breached during 2011-2012.
The hackers known as the “Comment Crew” stole sensitive documents from the manufacturers' networks over the course of a year, including a 900-page document on the specs of the Arrow 3 missile.
Mandiant identified the “Comment Crew” in its now-famous report on PLA Unit 61398, which even pointed out the building that the Chinese state-run hackers operate out of.
It is interesting to note that all three Israeli companies deny the breach.
The security company that identified the breach (CyberESI) has said it all started with a phishing attack.
Another interesting comment: Boeing developed and sent the technology of the Arrow 3 missile, so the hack in Israel has now opened up an unforeseen technology transfer to China.
As is typical of a hack of this magnitude, the initial attack was followed by lateral moves to other machines, gaining more access and compromising more systems, until more and more data was exfiltrated.
I always assume that the attacker has already breached defenses, is already on the inside network, and thus will try to gain more access from an already compromised account. It is not enough to have a firewall and access lists.