Published in News

Russians have been taking out US defense contractors

by on18 February 2022

If only they had better security

Hackers backed by the Russian government have breached the networks of multiple US defense contractors in a sustained campaign that has revealed sensitive information about US weapons-development communications infrastructure.

The claim comes from the US federal government said on Wednesday and started in January 2020 and has continued through this month.

The FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency claimed hackers have been targeting and successfully hacking cleared defence contractors, or CDCs, which support contracts for the US Department of Défense and intelligence community.

"During this two-year period, these actors have maintained persistent access to multiple CDC networks, in some cases for at least six months," officials wrote in the advisory.

 "In instances when the actors have successfully obtained access, the FBI, NSA, and CISA have noted regular and recurring exfiltration of emails and data. For example, during a compromise in 2021, threat actors exfiltrated hundreds of documents related to the company's products, relationships with other countries, and internal personnel and legal matters."

The exfiltrated documents included unclassified CDC-proprietary and export-controlled information. This information gives the Russian government "significant insight" into US weapons-platforms development and deployment timelines, plans for communications infrastructure, and specific technologies being used by the US government and military.

The documents include unclassified emails among employees and their government customers discussing proprietary details about technological and scientific research.

The report claimed that hackers have used a variety of methods to breach their targets. The methods include harvesting network passwords through spear phishing, data breaches, cracking techniques, and exploitation of unpatched software vulnerabilities.

After gaining a toehold in a targeted network, the threat actors escalate their system rights by mapping the Active Directory and connecting to domain controllers. From there, they're able to exfiltrate credentials for all other accounts and create new accounts.

The hackers make use of virtual private servers to encrypt their communications and hide their identities, the advisory added.

They also use "small office and home office (SOHO) devices, as operational nodes to evade detection."

Last modified on 19 February 2022
Rate this item
(0 votes)