Russian Hackers Targeted Defense Contractors To Steal Sensitive Data: US Intelligence

State-sponsored actors backed by the Russian government regularly targeted the networks of many US cleared defence contractors (CDCs) in order to obtain proprietary documents and other sensitive information about the country’s defence and intelligence programmes and capabilities.



Russian hackers have been targeting Pentagon-linked defence companies and subcontractors for at least the past two years in order to steal critical data and information, according to US authorities.

According to a joint alert issued by the US Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA), the ongoing espionage effort began at least two years ago, in January 2020.

The perpetrators were able to get sensitive, unclassified information as well as CDC-proprietary and export-controlled technologies as a result of the ongoing breaches, according to the agencies. “The material obtained gives substantial insight into the development and deployment schedules for US weapons systems, vehicle specifications, and communications infrastructure and information technology plans.”

Contractors working on command, control, communications, and combat systems, as well as surveillance and reconnaissance, weapons and missile development, vehicle and aircraft design, software development, data analytics, and logistics, have all been compromised.

Threat actors use “standard but successful” strategies to infiltrate target networks, including spear-phishing, credential harvesting, brute-force attacks, password spray techniques, and exploitation of known vulnerabilities in VPN equipment, before moving laterally to establish persistence and exfiltrate data.

Many of the breaches also involve gaining access to business and cloud networks, with the attackers maintaining persistent access to the compromised Microsoft 365 systems for up to six months in order to repeatedly gather emails and data.

“As the CDCs discover and patch existing vulnerabilities on their networks, the actors change their tradecraft to seek new ways of access,” the agencies noted. “CDCs must maintain ongoing monitoring for software vulnerabilities and out-of-date security configurations, especially in internet-facing systems,” says the report.
