Defense behemoth L-3 Communications said hackers were targeting the company using inside information on the SecurID keyfob system freshly stolen from a breach at RSA Security.
The L-3 attack makes the company the second hacker target linked to the RSA breach — both defense contractors. Lockheed Martin also suffered an attack.
“L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information,” read an April 6 email from an executive at L-3’s Stratus Group to the group’s 5,000 workers.
It’s not clear from the email whether the hackers were successful in their attack, or how L-3 determined SecurID was involved. L-3 spokeswomen Jennifer Barton declined comment.
Among other things the defense contractor provides is command-and-control, communications, intelligence, surveillance and reconnaissance (C3ISR) technology to the Pentagon and intelligence agencies.
In the Lockheed breach, attackers may have gained access by cloning the SecurID keyfobs of Lockheed users.
Together, the attacks suggest the RSA intruders obtained crucial information — possibly the encryption seeds for SecurID tokens — that they’re using in targeted intelligence-gathering missions against sensitive U.S. targets.
SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number cryptographically generates and changes every 30 seconds.
Last March, RSA said it was the victim of an attack in which intruders stole information related to the company’s SecurID two-factor authentication products.