It is not uncommon to uncover sensitive data being offered for sale on the dark web. However, it is rare for hackers to steal and then attempt to sell military documents on an open market.
We understand that while monitoring criminal actor activities on the deep and dark web, Insikt Group identified an attempted sale of what we believe to be highly sensitive US Air Force documents.
“Specifically, an English-speaking hacker claimed to have access to export-controlled documents pertaining to the MQ-9 Reaper unmanned aerial vehicle (UAV). Insikt analysts engaged the hacker and confirmed the validity of the compromised documents.
Insikt Group identified the name and country of residence of an actor associated with a group we believe to be responsible. This analysis is available to our customers via Insikt’s blog. We continue to assist law enforcement in their investigation.”
- Recorded Future identified a newly registered member of a hacking forum attempting to sell highly sensitive documents about the U.S. military MQ-9 Reaper drone.
- Following the first incident, the threat actor acknowledged another breach involving a large number of military documents from an unidentified officer.
- The documents contained a second dataset including the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course, and documentation on improvised explosive device (IED) mitigation tactics.
- Insikt Group analysts learned that the attacker used a widely known tactic of gaining access to vulnerable Netgear routers with improperly set up FTP login credentials.
Manufactured by General Atomics, the MQ-9 Reaper is regarded as one of the most advanced unmanned air systems commissioned in the past two decades.
Reaper was first introduced in 2001 and is currently used by the US Air Force, the US Navy, the CIA, US Customs and Border Protection, NASA, and the militaries of several other countries including the United Kingdom.