UPDATED 19:53 EDT / FEBRUARY 16 2022

SECURITY

US government warns Russian hackers are targeting defense contractors

The U.S. Federal Bureau of Investigation, the National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency today issued an alert that Russian state-sponsored hackers are actively targeting defense contractor networks.

The alert states that from at least January 2020 to now, Russian state-sponsored cyber actors have targeted both small and large Cleared Defense Contractors and subcontractors with varying levels of cybersecurity protocols and resources. The contractors provide support for the U.S. Department of Defense and the intelligence community.

The Russian hackers targeted command, control, communications and combat systems; intelligence, surveillance, reconnaissance and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers and logistics.

The methods used by the hackers include spear phishing, credential harvesting, brute-force password spray techniques and exploring known vulnerabilities to gain access against accounts and networks with weak security. The hackers exploit simple passwords, unpatched systems and unsuspecting employees to gain access before stealing data.

Data known to have been accessed and stolen includes sensitive, unclassified information and proprietary and export-control technology information.

While the hackers targeted various systems, efforts prioritized Microsoft 365 environments. The information gives the Russian government insight into weapons-platforms development and deployment timelines, plans for communications infrastructure and specific technologies being used by the government and military.

“Given the sensitivity of information widely available on unclassified CDC networks, the FBI, NSA and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for U.S. defense information in the near future,” the alert notes.

“Unfortunately, as is often the case with changes in the threat landscape, the risk mitigation actions are all relatively complex to implement,” Tim Erlin, vice president of strategy at cybersecurity company Tripwire Inc., told SiliconANGLE. “While these mitigations are core security controls that organizations should be implementing already, it’s important that we not let the perfect be the enemy of the good.”

Erlin added that it’s possible to gain some benefit from incremental implementation. “Cleared Defense Contractors should use the list of mitigations in the advisory as a checklist to identify areas of improvement that they can prioritize,” he said.

Image: Needpix

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU