Some 30GB of "sensitive data" subjected to restricted access under the U.S. government's International Traffic in Arms Regulations rules was stolen, ASD's Mr Mitchell Clarke told a security conference Wednesday according to ZDNet. The data was commercially sensitive but not classified, it did not know if the state was involved, the government of Australia said.
Mitchell Clarke, an official from the Australian Signals Directorate (ASD), said technical information on smart bombs and several naval vessels was also stolen. The identity of the hacker is still unknown.
"In a separate comment on the issue, the country's Defense Industry Minister Christopher Pyne told the Australian Broadcasting Corp that "it could be one of a number of different actors".
"It could have been a state actor, it could have been cyber criminals, and that's why it was taken so seriously", he said.
The company had used default logins and passwords such as "admin" and "guest" and had only one person working on IT.
Approximately 30GB of data was compromised during a hack on a government contractor.
Describing the breach, the official claimed it was "extensive and extreme,"ABC reports".More news: UCLA Basketball Recruiting: LaMelo Ball pulled out of Chino Hills High School
Access was initially gained by exploiting a 12-month-old vulnerability in the company's IT Helpdesk Portal, which was mounting the company's file server using the Domain Administrator account.
"In November 2016, the ACSC became aware that a malicious cyber adversary had successfully compromised the network of a small Australian company with contracting links to national security projects", the report stated.
"One IT admin who had only been in the job for nine months speaks for itself, and if the large company had carried out a valid third-party risk assessment in the first place, they would not have sent the data at all", he said.
The Opposition demanded answers on Thursday about the breach, which the government has confirmed without giving specific details and blamed on the contractor's poor cyber security.
"Su Bin admitted to playing an important role in a conspiracy, originating in China, to illegally access sensitive military data, including data relating to military aircraft that are indispensable in keeping our military personnel safe", John P. Carlin, then the USA assistant attorney general for national security, said at the time. "This means that, in the inevitability of a breach occurring, the data to which hackers can gain access is constrained".
"We need to decouple security from infrastructure and adopt a zero trust security model: to achieve access, a user needs to both see an application and be permitted to use it", he said.