WASHINGTON: For the last two years hackers backed by the Russian government worked to infiltrate American defense contractor systems, sometimes raiding the companies for months at a time, to steal sensitive, unclassified information, the US government warned today.
“The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology,” the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said in an alert posted online. “By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment.”
The cyber-espionage campaign ran from at least January 2020 and through this month, CISA said, targeting contractors working for every military branch as well as the Intelligence Community, and covering subjects including command and control systems to aircraft design.
“During this two-year period, these actors have maintained persistent access to multiple CDC [cleared defense contractor] networks, in some cases for at least six months. In instances when the actors have successfully obtained access, the FBI, NSA, and CISA have noted regular and recurring exfiltration of emails and data,” CISA said. “For example, during a compromise in 2021, threat actors exfiltrated hundreds of documents related to the company’s products, relationships with other countries, and internal personnel and legal matters.”
CISA said the hackers generally didn’t use novel techniques to break into the systems, instead relying on old standbys like spear phishing, brute forcing and taking advantage of unpatched networks.
In response, CISA urged companies to conduct forensic investigations of their systems to discover evidence of compromise and to harden their defenses against future breaches. The threat, the agency said, it not expected to go away anytime soon.
“Given the sensitivity of information widely available on unclassified CDC networks, the FBI, NSA, and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for U.S. defense information in the near future,” it said.