Russian Hackers Targeted Defense Contractors To Steal Sensitive Data: US Intelligence
State-sponsored actors backed by the Russian government have regularly attacked the networks of many US cleared defence contractors (CDCs) to obtain proprietary documents and other sensitive information about the country’s defence and intelligence programmes and capabilities.
Russian hackers have been targeting Pentagon-linked defence companies and subcontractors for at least the past two years to steal critical data and information, according to US authorities.
According to a joint alert issued by the US Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA), the ongoing espionage effort began at least two years ago, in January 2020.
The perpetrators were able to obtain sensitive, unclassified information as well as CDC-proprietary and export-controlled technology as a result of the ongoing breaches, according to the agencies. “The material obtained gives substantial insight into the development and deployment schedules for US weapons systems, vehicle specifications, and communications infrastructure and information technology plans.”
Contractors working on command, control, communications, and combat systems, as well as surveillance and reconnaissance, weapons and missile development, vehicle and aircraft design, software development, data analytics, and logistics, have all been compromised.
The threat actors gain initial access to target networks using “standard but successful” techniques, including spear-phishing, credential harvesting, brute-force attacks, password spraying, and exploitation of known vulnerabilities in VPN appliances, before moving laterally to establish persistence and exfiltrate data.
Many of the breaches also involve gaining access to enterprise and cloud networks, with the attackers maintaining persistent access to compromised Microsoft 365 environments for up to six months in order to repeatedly collect emails and data.
“As the CDCs discover and patch existing vulnerabilities on their networks, the actors change their tradecraft to seek new ways of access,” the agencies noted. “CDCs must maintain ongoing monitoring for software vulnerabilities and out-of-date security configurations, especially in internet-facing systems,” the report says.
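Of the initial-access techniques listed above, password spraying is the one that per-account lockout thresholds miss, since each account sees only one or two attempts. The following added example (not from the advisory or this article) shows the kind of ongoing monitoring the agencies call for: it flags a source that fails against many distinct accounts in a short window, then lists accounts that later succeeded from that source. The log format is constructed for the example.

```python
# Added example: detecting a password-spray pattern in authentication logs.
# Constructed log format (not any real product's): <ISO ts> <user> <src_ip> <SUCCESS|FAILURE>
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2020-01-15T08:00:01 alice 203.0.113.7 FAILURE
2020-01-15T08:00:05 bob 203.0.113.7 FAILURE
2020-01-15T08:00:09 carol 203.0.113.7 FAILURE
2020-01-15T08:00:14 dave 203.0.113.7 FAILURE
2020-01-15T08:00:20 erin 203.0.113.7 FAILURE
2020-01-15T08:00:25 frank 203.0.113.7 SUCCESS
2020-01-15T08:01:00 alice 198.51.100.4 FAILURE
2020-01-15T08:01:30 alice 198.51.100.4 FAILURE
2020-01-15T08:02:00 alice 198.51.100.4 SUCCESS
"""

def parse(log_text):
    """Turn the constructed log text into (timestamp, user, ip, result) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events

def detect_password_spray(log_text, min_users=5, window=timedelta(minutes=10)):
    """Return {ip: sorted distinct users} for sources that failed against at
    least `min_users` different accounts within `window`. The signal is breadth
    of accounts per source, not depth of attempts per account."""
    failures = defaultdict(list)  # ip -> [(timestamp, user)]
    for ts, user, ip, result in parse(log_text):
        if result == "FAILURE":
            failures[ip].append((ts, user))
    hits = {}
    for ip, evs in failures.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):  # sliding window over failures
            users = {u for t, u in evs[i:] if t - start <= window}
            if len(users) >= min_users:
                hits[ip] = sorted(users)
                break
    return hits

def compromised_after_spray(log_text, hits):
    """Accounts that authenticated successfully from a spraying source: these
    are the first to reset and to check for mailbox persistence."""
    return sorted({user for _, user, ip, r in parse(log_text)
                   if r == "SUCCESS" and ip in hits})
```

The second source in the sample (two failures against one account, then a success) is an ordinary mistyped password and is correctly not flagged.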