According to a warning issued Wednesday by the Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), Russian state-sponsored hackers have attacked U.S. defense contractors with security rights for at least two years. ).
According to the warning, Russian-backed actors targeted defense contractors (CDCs) and subcontractors who supported the Ministry of Defense (DoD) in a variety of areas, including arms and missile development, vehicle and aircraft design, surveillance and reconnaissance, and combat communication systems. Broken organizations include contractors who support programs of the U.S. Army, Air Force, Navy, Space Forces, Department of Defense and Intelligence.
As a result of the invasion against defense contractors, Russian-backed actors have acquired confidential non-classified information as well as export-controlled technology, CISA reports. Under normal circumstances, technology that is subject to export control laws requires a license to issue to foreign organizations, which requires US government approval.
Although there is no mention of stolen classified documents, the details suggest that the nature of the information provides a significant understanding of U.S. military operations.
“The information provided provides an insight into the timing of the development and deployment of US weapons platforms, vehicle specifications and communications infrastructure and information technology plans,” the warning said. “By acquiring patented domestic documents and e-mails, adversaries can adjust their own military plans and priorities, accelerate technological development efforts, inform foreign policymakers of U.S. intentions, and focus on potential sources for recruitment.”
Given the success of current efforts, the FBI, NSA and CISA expect that Russian state-owned cyber-actors will continue to turn to defense contractors for information in the near future.
Although Russia is known for harboring cybercrime groups, direct attribution of cyber activities to Russian government entities is rare and is a strong statement by the US agencies involved. As tensions on Russia’s border with Ukraine continue, analysts have been particularly sensitive to state-sponsored cyber attacks from the country.