Russian State-Sponsored Cyberattackers Targeted US Defense Contractors, CISA Says
The threat actors used spear phishing and credential harvesting to access defense information from the US government, according to an alert from the Cybersecurity and Infrastructure Security Agency.
Russian state-sponsored cyber actors have regularly targeted US cleared defense contractors since at least January 2020, a US agency said Wednesday. These contractors are private entities authorized by the Department of Defense to access classified information related to intelligence, surveillance and the development of weapons and missiles.
The Cybersecurity and Infrastructure Security Agency released an alert that said these threat actors exfiltrated emails and data that provide them with "significant insight into US weapons platform development and deployment timelines, plans for communications infrastructure, and specific technologies employed by the U.S. government and military."
CISA said the attackers used techniques such as sending spear-phishing emails that link to malicious domains and disguising the links by using publicly available URL shortening services.
In the alert, CISA, the FBI and the NSA urged cleared defense contractors to take a number of safety measures, including enforcing strong passwords and enabling multifactor authentication for all users.
US agencies have in recent years reported Russian state-sponsored hackers conducting the massive NotPetya ransomware attack and SolarWinds hack, plus targeting state and local governments.
Read more: As Russia's Cyberattacks on Ukraine Mount, the Risk of Impact in Other Countries Rises