US government: Russians are targeting defence contractors

CDCs are commercial firms that have been granted access to secret information by the US Department of Defense (DoD) to compete for contracts or assist DoD programmes


Attackers have been able to steal communications infrastructure plans, weapons deployment schedules, and other sensitive data in a campaign lasting at least two years

State-sponsored hackers linked to Russia have been targeting and compromising US cleared defence contractors (CDCs) since at least January 2020, in attempts to obtain information on aircraft designs, weapon systems and other technologies, according to US officials.

The US Cybersecurity and Infrastructure Security Agency (CISA), FBI and NSA issued a joint alert on Wednesday, warning of an ongoing hacking campaign that has been targeting both large and small CDCs for more than two years.

The attackers have maintained a persistent presence for at least six months in some cases, exfiltrating hundreds of confidential emails, documents and other data.

CDCs are commercial firms that have been granted access to secret information by the US Department of Defense (DoD) to compete for contracts or assist DoD programmes.

They can access data from various DoD and Intelligence Community programmes, including command, control, communications and combat systems; weapons and missile development; surveillance, intelligence, reconnaissance, and targeting; aircraft and vehicle design; and data analytics, software development, computers and logistics.

The criminals have been able to steal sensitive, unclassified data; communications infrastructure plans; weapon deployment schedules; and specific technologies used by the US government and military.

During a breach in 2021, hackers exfiltrated hundreds of documents with details on a company's products, relationships with foreign nations and internal legal matters.

Officials believe the stolen material might aid the Russian government in countering US military plans, and speed up the country's own technology development efforts.

The hackers utilised spear phishing, brute-force password spraying and credential harvesting tactics. The investigators also found the attackers exploiting publicly known security flaws in business and VPN software.

While the hackers attacked a variety of systems, Microsoft 365 environments were prioritised.

The rest of the advisory provides details of common adversary techniques, detection and incident response procedures, and mitigation recommendations for CDCs.
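As an added illustration of the detection side the advisory covers (this is not code from the advisory or from any of the agencies), the following flags password spraying in sign-in records. It assumes Microsoft 365 style sign-in events reduced to a constructed timestamp/user/source-IP/result line format; the log lines, addresses and thresholds are all constructed for the example.

```python
"""Flag password-spraying patterns in constructed sign-in log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not from the advisory):
# timestamp, account, source IP, result. One source tries many accounts
# with a few failures each; another is a single user mistyping a password.
SAMPLE_LOG = """\
2022-02-16T08:00:01Z alice@example.com 198.51.100.7 FAILURE
2022-02-16T08:00:03Z bob@example.com 198.51.100.7 FAILURE
2022-02-16T08:00:05Z carol@example.com 198.51.100.7 FAILURE
2022-02-16T08:00:07Z dave@example.com 198.51.100.7 FAILURE
2022-02-16T08:00:09Z erin@example.com 198.51.100.7 FAILURE
2022-02-16T08:00:11Z frank@example.com 198.51.100.7 SUCCESS
2022-02-16T08:05:00Z alice@example.com 203.0.113.9 FAILURE
2022-02-16T08:05:30Z alice@example.com 203.0.113.9 FAILURE
2022-02-16T08:06:00Z alice@example.com 203.0.113.9 SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (datetime, user, ip, result)."""
    ts, user, ip, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result


def detect_spraying(log_text, window=timedelta(minutes=10), min_users=5):
    """Return {source_ip: {"users": n, "success": [accounts]}} for every
    source IP that failed against at least `min_users` distinct accounts
    inside `window`. A spray tries one password across many accounts, so
    the signal is breadth of usernames per source, not failures per user;
    a per-account lockout threshold never fires on it."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, user, ip, result = parse_line(line)
            events[ip].append((ts, user, result))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_window = [(u, r) for t, u, r in evs[i:] if t - start <= window]
            failed = {u for u, r in in_window if r == "FAILURE"}
            if len(failed) >= min_users:
                # Any success from the same source in the window is the
                # account that should be reviewed and its session revoked.
                ok = sorted({u for u, r in in_window if r == "SUCCESS"})
                findings[ip] = {"users": len(failed), "success": ok}
                break
    return findings
```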

'NSA encourages all US cleared defense [sic] contractors (CDC) — with or without evidence of compromise — to apply the mitigations in the advisory to reduce the risk of compromise by Russian state-sponsored cyber actors,' the NSA wrote in a separate post.

These latest warnings come after US agencies issued a joint alert statement last month warning of the threat of cyber attacks on US entities, amid escalating tensions between Russia and Ukraine over the threat of a possible Russian incursion.

On Tuesday, a series of cyber attacks took down the websites of the Ukrainian defence ministry, army and financial institutions. The assaults rendered at least 10 Ukrainian websites inaccessible, including those belonging to the country's two largest banks, Privatbank and Oschadbank.

The disruption was reportedly caused by a distributed denial of service (DDoS) attack, in which websites are bombarded with a flood of meaningless data packets, leaving them inaccessible.

Last month, Canada's foreign ministry was also hit with a cyber attack, affecting 'some access to internet and internet-based services'.

In January, the UK's National Cyber Security Centre (NCSC) urged large organisations to beef up their defences against possible Russian attacks. The NCSC said it was important that organisations follow the recommendations to remain resilient and ahead of potential threats.