Huntington Ingalls, the Navy’s largest shipbuilder, was compromised by a large-scale hacking campaign waged by several organs of the Chinese government, according to a Reuters report.

However, the company denied the allegation in a June 27 email to Fifth Domain, saying, “there was no breach of information” from Newport News Shipyard, nor were their systems connected to a foreign server controlled by a Chinese group, known as APT10.

The sophisticated campaign, dubbed “Cloud Hopper,” targeted Hewlett Packard Enterprise’s cloud using it to attack many of its customers, the June 26 report stated.

“In early 2017, HPE analysts saw evidence that Huntington Ingalls Industries, a significant client and the largest U.S. military shipbuilder, had been penetrated by the Chinese hackers,” the report read, citing two sources.

Systems owned by a Huntington Ingalls subsidiary were connecting to a foreign server that was controlled by one of China’s most capable and feared hacking groups, known as APT10. Reuters described the group as akin to the Central Intelligence Agency. In an email, a Huntington Ingalls spokesperson said "NNS never used the services of DXC or the companies that merged to form DXC (HPE and CSC).”

“During a private briefing with HPE staff, Huntington Ingalls executives voiced concern the hackers could have accessed data from its biggest operation, the Newport News, Va., shipyard where it builds nuclear-powered submarines, said a person familiar with the discussions. It’s not clear whether any data was stolen,” Reuters reported.

The U.S. government and Department of Defense has been warning of the vulnerability the defense industrial base poses as a target of foreign espionage. This year’s departmentwide annual report on Chinese military activity included a new section highlighting that China’s exfiltration of sensitive military information from the defense industrial base could allow it to gain a military advantage.

The Chinese government was blamed in 2018 for a series of hacks on American contractors and while the information they stole was not technically classified, it was considered in aggregate, to be quite damaging to the United States

The Navy and Navy-affiliated industrial base partners have born the brunt of these recent barrages.

“Despite our adversaries’ clear statements of intent, the [Department of the Navy] did not anticipate this attack vector. As the {Defense Industrial Base] is not viewed as a partner by the DON, the DIB was not adequately informed of the cyber threat,” a cybersecurity audit of the Department of the Navy released in March 2019 said.

The audit was ordered by the secretary of the Navy in October 2018 following “several significant compromises of classified and sensitive information,” the audit stated.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

More In IT and Networks