SpaceX and Tesla documents leaked online by hackers
Cyber extortionists hacked into of the company's suppliers, Visser Precision, and stole the commercial information.
Monday 2 March 2020 12:44, UK
An American manufacturer which works with SpaceX and Tesla is being extorted by cyber criminals who are leaking documents relating to these companies.
The cyber crime group known as DoppelPaymer has already leaked non-disclosure agreements signed between Visser Precision and the Elon Musk-led companies SpaceX and Tesla.
More documents stolen from Visser's network will be released unless the Denver-based firm pays a ransom, the criminals have claimed.
Although it is not known how the group managed to hack into Visser's computer network, it is believed that they stole the data and then encrypted the firm's computers in order to extort a ransom from the company.
A spokesperson for Visser Precision confirmed to Sky News that the company was "the recent target of a criminal cyber security incident, including access to or theft of data" and said its investigation of the attack was continuing, while businesses was "operating normally".
Among the companies which the hackers claim to have accessed documents on are the aerospace and defence giants Boeing and Lockheed Martin, as well as Jeff Bezos' space exploration company Blue Origin.
Asked if it had alerted these firms whether their commercially sensitive information had been stolen, the spokesperson told Sky News: "Visser Precision will continue full cooperation with its customer partner companies, but will make no further press comment at this time."
Brett Callow, a security researcher at Emsisoft who alerted Sky News to the breach, explained: "Because so many actors now steal data, all ransomware incidents should be considered to be data breaches - and it is absolutely critical that incidents be promptly disclosed.
"The data that is exfiltrated from one company could be used to launch very effective spear phishing campaigns, BEC (Business Email Compromise) scams or other forms of fraud against its commercial partners."
Mr Callow added: "In short, not immediately disclosing these incidents makes life much easier for cyber criminals.
"The threat landscape has changed considerably in recent months and governments should consider amending and strengthening breach notification laws to reflect that."
A spokesperson for Lockheed Martin told Sky News: "We are aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain.
"Lockheed Martin has made and continues to make significant investments in cyber security, and uses industry-leading information security practices to protect sensitive information.
"This includes providing guidance to our suppliers, when appropriate, to assist them in enhancing their cyber security posture," they added.
Sky News has contacted Visser Precision's commercial partners for comment.