An attacker was recently seen to have stolen confidential military maintenance manuals for drones and tanks. The attacker exploited an FTP flaw in a Netgear router located at the Creech Air Force Base and is selling the stolen documents on a darknet forum for $150-$200. The flaw first became known two years ago, but over 4,000 routers have not been updated. The stolen drone documents are for the MQ-9 Reaper drone, which is one of the most advanced and deadly drones created by the United States. According to researchers, “the hacker first infiltrated the computer of a Captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at Creech AFB in Nevada, and stole a cache of sensitive documents, including Reaper maintenance course books and the list of airmen assigned to Reaper AMU.” A certificate found in the data archive revealed that the Captain had not set a password for an FTP server that was hosting the sensitive information. Other stolen documents included an operating manual for the M1 ABRAMS tank and platoon training courses. It is unclear who the attacker is; the matter is still under investigation.