According to the 2017 threat report released by the Australian Cyber Security Centre (The ACSC), Australian Signals Directorate (ASD) was alerted by a "partner organisation" that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.
The data, stolen in a 2016 breach, included technical information on the multi-billion dollar F-35A Joint Strike Fighter program, smart bombs and naval vessels.
The ASD codenamed the hacker "Alf", a character played by Ray Meagher on Home and Away, Mr Clarke told the Australian Information Security Association conference. "It's just a thing we do", Mr Clarke told his audience, according to report by BuzzFeed.
A key worry was 734 attacks that hit private sector national interest and critical infrastructure providers during the period, Tehan said.
Clarke indicated that the attack was "nation state espionage".
There was about 30GB of data taken, including ITAR (International Traffic in Arms Regulations) data.
"To the point where we found one document where it was a diagram of one of the navy's new ships, and you could zoom in down to the captain's chair and see it is one metre away from the nav chair", he said.
The admin password, to enter the company's web portal, was "admin" and the guest password was "guest".
A state actor has not been ruled out and it has been reported that a hacking tool, known as the Chinese Chopper, was used.
Pyne said that the breach did not poorly reflect on the government or on standards it imposed on suppliers to defence contracts.
Comment has been sought from Mr Tehan and the Defence department.
A mystery hacker codenamed after a larrikin Australian soap opera character has been revealed as stealing sensitive, high-level information about a $1.1 trillion defence project created by an alliance including Australia, the U.S, United Kingdom and Canada.
"The Government does not intend to discuss further the details of this cyber incident".
Minister for Defence Industry Christopher Pyne said the government is unsure of the identity of the hacker and whether they are state or non-state actor.
"It is not classified and it is not risky in terms of the military", he said.
"It's not classified information".
The data about Australia's warplanes and navy ships was stolen from an Adelaide Defence subcontractor which had one I.T. specialist and used extremely easy passwords. It could be a state actor, it could be a non-state actor.
The company had used default logins and passwords such as "admin" and "guest" and had only one person working on IT.