
The U.S. FBI, NSA, DHS and CISA issued an alert that Russian state-sponsored hackers are actively targeting defense contractor networks.
The alert states that since at least January 2020, Russian state-sponsored cyber actors have targeted both small and large Cleared Defense Contractors (CDCs) and subcontractors with varying levels of cybersecurity protocols and resources. The contractors provide support for the U.S. DoD and the intelligence community.
The Russian hackers targeted command, control, communications and combat systems; intelligence, surveillance, reconnaissance and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers and logistics.
The methods used by the hackers include spear phishing, credential harvesting, brute-force password spray techniques and exploiting known vulnerabilities against accounts and networks with weak security. The hackers exploit simple passwords, unpatched systems and unsuspecting employees to gain access before stealing data.
Data known to have been accessed and stolen includes sensitive, unclassified information and proprietary and export-control technology information.
The hackers targeted various systems, but their efforts prioritized Microsoft 365 environments. The information gives the Russian government insight into weapons-platforms development and deployment timelines, plans for communications infrastructure and specific technologies being used by the government and military.
Given the sensitivity of information widely available on unclassified CDC networks, the FBI, NSA and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for U.S. defense information in the near future. – Alert Notice