"The compromise was extensive and extreme", Mr Clarke told the Australian Information Security Association national conference in audio obtained by freelance journalist Stilgherrian.
"The Government does not intend to discuss further the details of this cyber incident".
Australian Signals Directorate incident response manager Mitchell Clarke revealed to a conference on Wednesday an aerospace engineering company with about 50 employees was compromised a year ago.
The 50-person aerospace engineering firm subcontracts to the Defence Department and had one person managing its IT functions.
The hackers used a tool called "China Chopper" which according to security experts is widely used by Chinese actors, and had gained access via an internet-facing server, he said.
In a presentation to a conference in Sydney, an official from the Australian Signals Directorate (ASD) intelligence agency said technical information on smart bombs, the Joint Strike Fighter, the Poseidon maritime patrol aircraft and several naval vessels was stolen.
The admin password, to enter the company's web portal, was "admin" and the guest password was "guest".
Data on the F-35 Joint Strike Fighter, P-8 Poseidon surveillance aircraft and C-130 transport plane was stolen.
Another document was a wireframe diagram of one of the Australian navy's new ships, where a viewer could "zoom in down to the captain's chair".
A hacker group codenamed "Alf" after the Home and Away character has broken into a defence contractor and stolen sensitive data on military projects.
The data was commercially sensitive but not classified, the government said.
The hack was discovered by a major Defence contractor.
The incident was a "salutary reminder" about cyber security, he added.
Pyne said that while the government's public line is they know little about the alleged attacker - whom the ASD has dubbed APT Alf - they may have developed an understanding of who was behind the breach. "It could be a state actor, a non-state actor", Mr Pyne told ABC radio on Thursday.
On Tuesday, Dan Tehan, the minister in charge of cyber security, confirmed the hacking of an unnamed contractor but did not reveal specific details.
Mr Tehan said it was unclear who launched the incursion, but the Government was not ruling out a foreign government.
"Fortunately, the data that was taken was commercial data, not military data, but it's still very serious and we will get to the bottom of it".