US officials say Russian state-sponsored hackers have successfully infiltrated US defense contractors to steal information on weapons systems, aircraft designs and other defense technology.
On Wednesday, the FBI, the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about hacking attempts targeting both large and small US defense contractors since at least January 2020.
“These continued intrusions have enabled actors to gain access to sensitive, unclassified information, as well as CDC (Approved Defense Contractor)-proprietary and export-controlled technology,” the alert said.
Affected defense contractors have supported many US military projects, including combat systems, intelligence-gathering, weapons and missile development, and vehicle and aircraft design. As a result, the stolen data risks helping the Russian government counter US military plans, spur the country’s own technological development efforts, and even allow the Kremlin to target potential sources for recruitment.
According to the agencies, the entities that have been compromised include the US Army, Air Force, Navy, Space Force and Department of Defense and contractors supporting intelligence programs.
To infiltrate defense contractors, Russian hackers have sent spear-phishing emails, prompting unsuspecting employees to visit a malicious website that could infect their computers with malware. In other cases, hackers try to break into online accounts associated with defense contractors by guessing employee passwords.
In addition, investigators have observed Russian hackers taking advantage of publicly known vulnerabilities in enterprise and VPN software to infiltrate defense contractors. Once access is gained, hackers can steal information from company accounts and servers.
“For example, during a settlement in 2021, the threat actors withheld hundreds of documents related to the company’s products, relationships with other countries, and internal personnel and legal matters,” the agencies say.
The alert also warns that Russian hackers are “prioritizing” their efforts against the widely used Microsoft 365 cloud-based office environment. In some cases, hackers can stay inside corporate systems for at least six months by infecting computers with malware and using valid login credentials to maintain access.
The US government alert suggests several ways companies can detect and protect their systems from infiltration tactics by Russian hackers. Tips include enabling multi-factor authentication to strengthen login security, enforcing strong, unique passwords, and implementing a system for regularly installing software patches.