Defense contractor L-3 Communications told employees that attackers used SecurID information stolen from RSA in March to target L-3, according to a report.
"L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information," said an April 6 e-mail from an executive at L-3's Stratus Group to the group's 5,000 workers, which Wired published yesterday after receiving it from an unidentified source. The source reportedly said SecurID is used for access to an unclassified corporate network, but not classified networks.
It is unclear if the attack was successful. "Protecting our network is a top priority, and we have a robust set of protocols in place to ensure sensitive information is safeguarded. We have gotten to the bottom of the issue," L-3 spokeswomen Jennifer Barton told Kevin Poulsen at Wired, declining to comment further.
Lockheed Martin confirms it came under attack
RSA: Cyberattack could put customers at risk
What the RSA breach means for you (FAQ)
U.S., U.K. see cyberwar as facet of regular war
Meanwhile, FoxNews.com reported today that Northrop Grumman shut down remote access to its network on May 26. An unidentified source at the company speculated that the move could have been taken in response to a network attack, and a Northrop Grumman spokeswoman said she couldn't confirm or deny that, the news site reported.
And last weekend, defense contractor Lockheed Martin confirmed that its network had been attacked following a report by Reuters citing an unidentified source that said SecurID keyfob data was used in the network breach.
RSA warned customers several months ago that attackers had breached its network and stolen data related to SecurID that could compromise systems relying on the two-factor authentication technology.
The news comes as officials in the U.S. and the U.K. acknowledge publicly that they view cyberattacks as acts of war.
Updated 12:46 p.m. PT with Northrop Grumman report.