Russian hackers have targeted and obtained secret data on military drones and other sensitive U.S. defense technology, according to a report published Tuesday by the Associated Press.

The report details efforts by Fancy Bear, the notorious Russian hacking group previously tied to attacks against U.S. lawmakers and the Democratic National Committee, to target and successfully infiltrate military contractors through phishing campaigns, which involve getting people to click on links that seem to come from trusted sources. The contractors included Lockheed Martin Corp., Raytheon Co., Boeing Co., Airbus Group and General Atomics.

AP claimed the group went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms or other sensitive activities. As many as 40 percent of employees targeted clicked on the hackers’ phishing links, “potentially opening their personal email accounts or computer files to data theft by the digital spies.”

“I clicked on it and instantly knew that I had been had,” retired Air Force general James Poss told AP before explaining that the email he had received was designed to look like a Google security alert. Targeted attacks against personal Gmail accounts were cited as the most popular attack vector “with a few corporate accounts mixed in.”

What data was stolen was not made clear in the report, although 15 of the targets, the single largest group of weapons specialists, worked on drones.

Explaining why drone technology was specifically targeted, Dan Gettinger, co-director of the Centre for the Study of the Drone told Euronews that the targeted hacking is not that surprising.

“Drone technology is a very desired technology and Russia has made a big effort to acquire this technology over the past couple years,” Gettinger said. “These are multi-role drones that can carry out both surveillance and reconnaissance and even carry out strikes. Now, the drones that Russia has acquired so far are the micro-UAVs that are really limited to artillery spotting or battlefield reconnaissance and surveillance, but the drones that they’re looking to acquire are more sophisticated and can carry out more types of missions than the ones they have now.”

Ruvi Kitov, chief executive officer of network security company Tufin Ltd., told SiliconANGLE that the targeting hacking serves a lesson to all companies.

“Companies far too often rely on a single overempowered party with much greater access and responsibility than is required to perform their role,” Kitov explained. “Zero-trust models require a separation of duties between multiple people to avoid being compromised in a targeted attack. But having too many manual steps hinders the business and compels a return to shortcuts and overempowerment.”

Photo: US Airforce/Flickr