Early Prime Day Deals Roe v. Wade Overturned Surface Laptop Go 2 Review 4th of July Sales M2 MacBook Pro Deals Healthy Meal Delivery Best TVs for Every Budget Noise-Canceling Earbuds Dip to $100

Russian State-Sponsored Cyberattackers Targeted US Defense Contractors, CISA Says

The threat actors used spear phishing and credential harvesting to access defense information from the US government, according to an alert from the Cybersecurity and Infrastructure Security Agency.

Cyber Attacks
Bill Hinton

Russian state-sponsored cyber actors have regularly targeted US cleared defense contractors since at least January 2020, a US agency said Wednesday. These contractors are private entities authorized by the Department of Defense to access classified information related to intelligence, surveillance and the development of weapons and missiles.

The Cybersecurity and Infrastructure Security Agency released an alert that said these threat actors exfiltrated emails and data that provide them with "significant insight into US weapons platform development and deployment timelines, plans for communications infrastructure, and specific technologies employed by the U.S. government and military."

CISA said the attackers used techniques such as sending spear-phishing emails that link to malicious domains and disguising the links by using publicly available URL shortening services. 

In the alert, CISA, the FBI and the NSA urged cleared defense contractors to take a number of safety measures, including enforcing strong passwords and enabling multifactor authentication for all users. 

US agencies have in recent years reported Russian state-sponsored hackers conducting the massive NotPetya ransomware attack and SolarWinds hack, plus targeting state and local governments.

Read more: As Russia's Cyberattacks on Ukraine Mount, the Risk of Impact in Other Countries Rises