Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive information

Stay informed and stay vigilant.

From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources. These CDCs support contracts for the U.S. Department of Defense (DoD) and Intelligence Community in the following areas:

• Command, control, communications, and combat systems;
• Intelligence, surveillance, reconnaissance, and targeting;
• Weapons and missile development;
• Vehicle and aircraft design; and
• Software development, data analytics, computers, and logistics. 

Historically, Russian state-sponsored cyber actors have used common but effective tactics to gain access to target networks, including spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security. These actors take advantage of simple passwords, unpatched systems, and unsuspecting employees to gain initial access before moving laterally through the network to establish persistence and exfiltrate data. 

continue reading: https://www.cisa.gov/uscert/ncas/alerts/aa22-047a

For additional information on Russian state-sponsored cyber activity, visit CISA website here: https://www.cisa.gov/uscert/russia