Sensitive Navy Data Allegedly Stolen by Chinese Hackers

Chinese government-affiliated threat actors reportedly stole over 614GB of sensitive information from a US Navy contractor, including information on electronic warfare, an anti-ship missile program, sensor data, and submarine data relating to cryptographic systems. This data was housed on an unclassified server of an unnamed contractor, highlighting the need to ensure contractors and other third-party vendors are adhering to the information security standards necessary to protect sensitive information and networks. The NJCCIC recommends organizations that may be considered valuable targets for cyber-espionage activity, including US defense contractors, implement a Defense-in-Depth cybersecurity strategy; employ the Principle of Least Privilege; enable multi-factor authentication for user accounts; and keep antivirus, hardware, and software updated to the latest vendor-supported patch levels to mitigate against the exploitation of known vulnerabilities.