Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities.
CDCs are private entities with clearance from the Department of Defense (DoD) to access classified info to bid for contracts or support DoD programs.
They have access to information related to DoD and Intelligence Community programs from various areas, including:
- Command, control, communications, and combat systems;
- Intelligence, surveillance, reconnaissance, and targeting;
- Weapons and missile development;
- Vehicle and aircraft design; and
- Software development, data analytics, computers, and logistics.
Since January 2020, Russian hacking groups have breached multiple CDC networks and, in some cases, have maintained persistence for at least six months, regularly exfiltrating hundreds of documents, emails, and other data.
"Compromised entities have included CDCs supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and DoD and Intelligence programs," the FBI, NSA, and CISA revealed in a joint advisory published today.
"These continued intrusions have enabled the actors to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology.
"By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment."
Russian APTs also target critical infrastructure
Last month, the three agencies also warned that Russian-backed hacking groups are targeting organizations from U.S. critical infrastructure sectors.
As the FBI, NSA, and CISA said in January, Russian APT groups — including APT29, APT28, and the Sandworm Team — have used destructive malware to target industrial control systems (ICS) and operational technology (OT) networks belonging to critical infrastructure orgs worldwide.
In July 2021, the U.S. government also announced a reward of up to $10 million through its Rewards for Justice (RFJ) program for information on malicious cyber activities coordinated by state hackers targeting critical infrastructure sectors.
"NSA encourages all U.S. cleared defense contractors (CDC) — with or without evidence of compromise — to apply the mitigations in the advisory to reduce the risk of compromise by Russian state-sponsored cyber actors," the NSA added today.
"While these mitigations are not intended to be all encompassing, they address common TTPs observed in these intrusions and will help to mitigate against common malicious activity."
Comments
STOPTHESTEAL - 2 years ago
Sergiu. Can you stop re-posting Hillary Russia-gate hoaxes?? It is so tiring to read about this stuff here. None of it holds any water.
serghei - 2 years ago
Weird how you're the only one complaining ...
STOPTHESTEAL - 2 years ago
"Weird how you're the only one complaining ..."
Weird how 99% of your posts do not get any comments.....
Lawrence Abrams - 2 years ago
You think Hillary is controlling the FBI, NSA, and CISA advisories now?
STOPTHESTEAL - 2 years ago
"You think Hillary is controlling the FBI, NSA, and CISA advisories now?"
The fact that Bush and Clinton families run the GOP and DNC respectively, the fact that Ned Price contributed money to Hillary campaign, fact that Jake Sullivan was on Hillary campaign. Should we go on or so far this is enough?
LittleDickPutin - 2 years ago
""You think Hillary is controlling the FBI, NSA, and CISA advisories now?"
The fact that Bush and Clinton families run the GOP and DNC respectively, the fact that Ned Price contributed money to Hillary campaign, fact that Jake Sullivan was on Hillary campaign. Should we go on or so far this is enough? "
Listen comrade we don't want to read your dying country's propaganda. You are either a Russian troll or Trump supporter, dealer's choice.
Once the baby boomers die off, which I am going to assume is your age range, my generation will be taking over next and we will have a nice adult chat about all these past couple years and see how you feel then. Catch you soon.
buddy215 - 2 years ago
Using STOPTHESTEAL as a user name should alert everyone that STOPTHESTEAL is not capable of thinking rationally. Or is simply electively ignorant. You can blame Fox News(?) as the main source of STOPTHESTEAL'S ignorant comments.
STOPTHESTEAL - 2 years ago
The freedom of speech here is so unidirectional that it makes me wonder if you guys are from Canada, or CA or NY.