Maritime Computer Emergency Response Team ADMIRAL dataset ADMIRAL dataset

Publicly disclosed information for this event

Index Number:
Cyberattack on an unclassified defence intranet.
Day Month Year Country Activity Incident Type
XX August 2012 United States Defence Intrusion


According to sources, starting in August 2012 and for a duration of four months, a group with Tactics, Techniques and Procedures reputed as Iran conducted an intrusion into the US Navy's unclassified administrative network (800 000 users, 2500 sites), during a wider operation called Operation Cleaver. The attackers would have exploited a vulnerability on a public-facing website before pivoting onto the intranet.

Sources report that no data was stolen in the attack but that, however, $10 M were necessary to repair the damages caused by the attack.


US Navy

Claimed/Reported Threat Actor




Main impact



Recommendations to Defence to reduce Intrusion risks:

  • Implement strong access controls and authentication mechanisms to limit unauthorized access, such as Multi Factor Authentication.
  • Regularly update and patch software and systems to address known vulnerabilities.
  • Use Network Intrusion Detection Systems (NIDS) to monitor and block suspicious activities.
  • Segment your network to limit lateral movement by attackers in case of a breach.
  • Educate your employees about phishing attacks and social engineering tactics to prevent credential theft.
Previous Next
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks.
Files generated on Monday, 11th December 2023.
ADMIRAL is licensed under the Creative Commons CC-BY-NC license. Copyright © France Cyber Maritime 2023.