Federal security and law enforcement agencies issued a joint advisory on Wednesday warning that Russian state-backed hackers are targeting U.S. defense contractors.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) released a joint Cybersecurity Advisory alerting that Russian state-sponsored “cyber actors” are targeting U.S. cleared defense contractors (CDCs) that work on projects for the U.S. Department of Defense and the Intelligence Community.
The advisory stated that between January 2020 and February 2022, the agencies observed regular targeting of cleared defense contractors by Russian state-sponsored hackers. The targets have included the following areas:
- Command, control, communications, and combat systems
- Intelligence, surveillance, reconnaissance, and targeting
- Weapons and missile development
- Vehicle and aircraft design
- Software development, data analytics, computers, and logistics
The advisory explained that Russian hackers have historically used “common but effective tactics” to breach networks, including “spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security.”
The agencies warned that the hackers often take advantage of “simple passwords, unpatched systems, and unsuspecting employees” to gain access to a network.
“These continued intrusions have enabled the actors to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology. The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology,” the advisory stated. “By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment.”
The advisory encouraged all defense contractors to apply appropriate mitigations “regardless of evidence of compromise” in an effort to stave off future hacking attempts.
The FBI, CISA, and NSA recommend the following mitigation measures:
- Implement Credential Hardening
- Establish Centralized Log Management
- Initiate a Software and Patch Management Program
- Employ Antivirus Programs
- Use Endpoint Detection and Response Tools
- Maintain Rigorous Configuration Management Programs
- Enforce the Principle of Least Privilege
- Review Trust Relationships
- Encourage Remote Work Environment Best Practices
- Establish User Awareness Best Practices
- Apply Additional Best Practice Mitigations
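Two of the tactics named above, password spraying and brute forcing, are easy to miss in per-host logs and easy to spot once authentication events are centralized, which is why the agencies pair credential hardening with centralized log management. The following Python is an added example written for this page, not code from the advisory or the agencies. It assumes a simplified, constructed log format (timestamp, result, user, source IP) and constructed sample lines; real sources such as Windows event 4625, sshd or cloud sign-in logs need their own parsers, but the sliding-window logic below applies unchanged.

```python
"""Flag password-spray and brute-force patterns in a centralized auth log.

Added example for this page (not from the advisory). The log format and the
sample events are constructed: "<ISO-8601 UTC timestamp> <OK|FAIL> <user> <ip>".
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample log: one source sprays one password across many users and
# then succeeds on "frank"; a second source hammers one service account; a third
# is a user mistyping a password twice before logging in normally.
SAMPLE_LOG: List[str] = [
    "2022-02-16T09:00:01Z FAIL alice 203.0.113.7",
    "2022-02-16T09:00:14Z FAIL bob   203.0.113.7",
    "2022-02-16T09:00:29Z FAIL carol 203.0.113.7",
    "2022-02-16T09:00:47Z FAIL dave  203.0.113.7",
    "2022-02-16T09:01:03Z FAIL erin  203.0.113.7",
    "2022-02-16T09:01:20Z OK   frank 203.0.113.7",
    "2022-02-16T09:30:00Z FAIL carol 192.0.2.5",
    "2022-02-16T09:30:11Z FAIL carol 192.0.2.5",
    "2022-02-16T09:30:25Z OK   carol 192.0.2.5",
]
# Twelve failures against one account in 44 seconds from a single source.
SAMPLE_LOG += [f"2022-02-16T09:05:{s:02d}Z FAIL svc-backup 198.51.100.9" for s in range(0, 48, 4)]


class Event(NamedTuple):
    ts: datetime
    result: str   # "OK" or "FAIL"
    user: str
    ip: str


def parse(line: str) -> Event:
    """Parse one constructed log line; timestamps are UTC with a trailing Z."""
    ts, result, user, ip = line.split()
    return Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc), result, user, ip)


def detect(lines: List[str], window: timedelta = timedelta(minutes=10),
           spray_min_users: int = 5, brute_min_attempts: int = 10) -> Tuple[Dict, Dict]:
    """Return (sprays, brutes).

    A spray is one source IP failing against >= spray_min_users distinct accounts
    inside `window`; the report notes any account that source then logged into.
    A brute force is one account receiving >= brute_min_attempts failures inside
    `window`, regardless of how many sources they came from.
    """
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e.ts)
    fails_by_ip: Dict[str, List[Event]] = defaultdict(list)
    fails_by_user: Dict[str, List[Event]] = defaultdict(list)
    ok_by_ip: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        (fails_by_ip[e.ip] if e.result == "FAIL" else ok_by_ip[e.ip]).append(e)
        if e.result == "FAIL":
            fails_by_user[e.user].append(e)

    sprays: Dict[str, Dict] = {}
    for ip, fails in fails_by_ip.items():
        start = 0
        for end in range(len(fails)):
            while fails[end].ts - fails[start].ts > window:   # slide the window forward
                start += 1
            users = {f.user for f in fails[start:end + 1]}
            if len(users) >= spray_min_users and len(users) > len(sprays.get(ip, {}).get("users", [])):
                # A success from the same source shortly after the spray is the high-priority case.
                later_ok = {o.user for o in ok_by_ip[ip]
                            if fails[start].ts <= o.ts <= fails[end].ts + window}
                sprays[ip] = {"users": sorted(users), "followed_by_success": sorted(later_ok)}

    brutes: Dict[str, Dict] = {}
    for user, fails in fails_by_user.items():
        start = 0
        for end in range(len(fails)):
            while fails[end].ts - fails[start].ts > window:
                start += 1
            n = end - start + 1
            if n >= brute_min_attempts and n > brutes.get(user, {}).get("attempts", 0):
                brutes[user] = {"attempts": n, "sources": sorted({f.ip for f in fails[start:end + 1]})}
    return sprays, brutes


if __name__ == "__main__":
    sprays, brutes = detect(SAMPLE_LOG)
    for ip, info in sprays.items():
        print(f"SPRAY from {ip}: {len(info['users'])} accounts; later success on {info['followed_by_success']}")
    for user, info in brutes.items():
        print(f"BRUTE FORCE on {user}: {info['attempts']} failures from {info['sources']}")
```

The thresholds are assumptions to tune per environment: a spray shows as few failures per account across many accounts, so a per-account lockout policy never fires, and only a source-centric count over a consolidated log catches it. The "followed_by_success" field is the alert to act on first, and the identity reset the agencies recommend applies to that account at minimum.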
If a contractor detects unusual activity, the agencies recommend that organizations initiate a full identity reset, including resetting passwords for all accounts.
“Given the sensitivity of information widely available on unclassified CDC networks, the FBI, NSA, and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for U.S. defense information in the near future,” the advisory warned.