Joint cybersecurity
advisory
CISA Warns of Russia-Backed Cyberattacks on Cleared Defense Contractors
The Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI have issued a joint warning about Russian state-sponsored hackers targeting U.S. defense contractors cleared to receive classified information from the Department of Defense.
Both large and small cleared defense contractors have been targeted for unclassified proprietary information, CISA said Wednesday.
Cyber actors have also been found targeting export-controlled information, including details on weapons development, communications infrastructure, technology research and others.
In its full advisory, CISA said that the targeted contractors support the DOD and the Intelligence Community in areas such as command and control, intelligence, surveillance, reconnaissance, weapons development, vehicle design and software development.
CISA added that Russian state-sponsored cyber actors most commonly find success through tactics like spearfishing and credential harvesting. They reportedly focus their efforts on the Microsoft 365 environment to exfiltrate emails and data.
As a result of the intrusions, the hackers have acquired information that, according to CISA, offers “significant insight” into the U.S. military’s development and deployment timelines, vehicle specifications and information technology plans.
CISA and its partner agencies warned that Russian state-sponsored cyber actors will continue targeting the U.S. defense industrial base. The agencies advised organizations to take remedial steps regardless of evidence of compromise.
Some measures that defense contractors can take are the enforcement of multi-authentication, the use of strong and unique passwords, the use of M365 unified audit logs and the implementation of endpoint detection and response tools.
Category: Cybersecurity