APT groups compromise aerospace and defense companies

FireEye has performed threat assessments at many aerospace and
defense firms. China-based threat groups likely targeted these
companies to develop a competitive advantage for their indigenous
defense and aerospace companies or to support the Chinese military’s modernization.

A China-based threat group compromised at least seven systems in the
environment of a defense manufacturer. The threat group stole
documents on communications standards and initially gained access to
the network through spear phishing emails. The employees’ email
addresses were included in public documents, and the threat actors
likely used publicly available sources to perform pre-attack reconnaissance.

Another China-based threat group compromised more than 300 systems
at an aerospace company for several years. During the data breach, we
found that the group was focused on acquiring sensitive data. The
threat group performed targeted system reconnaissance in order to
identify specific directories that were most likely to yield this information.