The U.S. Federal Bureau of Investigation, the National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have issued an alert that Russian state-sponsored hackers are actively targeting defense contractor networks.

The joint alert states that from at least January 2020 through to now, Russian state-sponsored cyber actors have targeted both small and large Cleared Defense Contractors and sub-contractors with varying levels of cybersecurity protocols and resources. The contractors provide support for the U.S. Department of Defense and the intelligence community.

The Russian hackers targeted command, control, communications and combat systems; intelligence, surveillance, reconnaissance and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers and logistics.

The methods used by the hackers include spearphishing, credential harvesting, brute force/password spray techniques and exploiting known vulnerabilities to gain access to accounts and networks with weak security. The hackers exploit simple passwords, unpatched systems and unsuspecting employees to gain access before stealing data.

Data known to have been accessed and stolen includes sensitive, unclassified information through to proprietary and export-control technology information.

While the hackers targeted various systems, efforts prioritized Microsoft 365 environments. The information gives the Russian government insight into weapons-platforms development and deployment timelines, plans for communications infrastructure and specific technologies being used by the government and military.

“Given the sensitivity of information widely available on unclassified CDC networks, the FBI, NSA and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for U.S. defense information in the near future,” the alert notes.

“Unfortunately, as is often the case with changes in the threat landscape, the risk mitigation actions are all relatively complex to implement,” Tim Erlin, vice president of strategy at cybersecurity company Tripwire Inc., told SiliconANGLE. “While these mitigations are core security controls that organizations should be implementing already, it’s important that we not let the perfect be the enemy of the good.”

“It’s possible to gain incremental benefit from incremental implementation,” Erlin added. “Cleared Defense Contractors should use the list of mitigations in the advisory as a checklist to identify areas of improvement that they can prioritize.”
