The breached Department of Defence contractor is an aerospace engineering firm with 50 employees.
"From those visitors overseas to Australia, Alf is Alf Stewart from an horrific Australia soap opera called Home & Away".
"Alf" used a tool named China Chopper, popular with Chinese hackers, but the group responsible could be a criminal group or state-sponsored, said Mr Clarke.
Clarke indicated that the attack was "nation state espionage".
Some of the sensitive data was linked to the International Traffic in Arms Regulations, a U.S. regulatory regime, The Sydney Morning Herald reported.
The hack included information on the F-35 Joint Strike Fighter, C130 Hercules aircraft and the P-8 Poseidon surveillance aircraft. One document was a wireframe diagram of "one of the navy's new ships".
"We see this all the time".
The Australian Defence Department appears to be in a scramble after Clarke's presentation.
What Dwayne Johnson Wants To Do With His Fast And Furious Spinoff
Huge shout to my brother, Jason Statham for the trust and wanting to create and deliver something fresh and bad ass for the fans. Tyrese had previously accused The Rock of " being selfish " over prioritizing the spinoff over the next "Fast and Furious" film.
Clarke gave a presentation at the Australian Information Security Association (AISA), revealing ASD was alerted to the hack of the defence contractor by a "partner organisation".
"While presenting at a conference in Sydney, an ASD official (who works for the ACSC) disclosed information about the theft of data from an Australian company", the statement said.
The federal minister for cybersecurity Dan Tehan revealed the breach earlier this week through the release of the Australian Cyber Security Centre's 2017 Threat Report, but provided no detail specifically about the Alf incident.
The P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft and the Joint Direct Attack Munition (JDAM) smart bomb kit were also among the sensitive data stolen from a small Australian defence contractor in 2016, ZDNet reports. "It could be a state actor, a non-state actor", Mr Pyne told ABC radio on Thursday.
"Fortunately the data that has been taken is commercial data, not military data", he said.
"It's not classified information".
Pyne said that while the government's public line is they know little about the alleged attacker - whom the ASD has dubbed APT Alf - they may have developed an understanding of who was behind the breach.
The company had used default logins and passwords such as "admin" and "guest" and had only one person working on IT.