Russian state-sponsored hackers have been targeting security-cleared US defense contractors for at least two years, according to an alert released Wednesday by the Cybersecurity and Infrastructure Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA).
According to the alert, Russian-backed actors had targeted cleared defense contractors (CDCs) and subcontractors that supported the Department of Defense (DoD) in a range of areas, including weapons and missile development, vehicle and aircraft design, surveillance and reconnaissance, and combat communications systems. Compromised entities include contractors supporting the US Army, Air Force, Navy, Space Force, DoD, and Intelligence programs.
Through intrusions against defense contractors, Russian-backed actors had acquired sensitive unclassified information as well as export-controlled technology, CISA said. Under normal circumstances, technology subject to export-control laws requires a license to be released to foreign entities, necessitating approval from the US government.
Though there is no mention of classified documents being stolen, details suggest that the nature of the information gives a significant understanding of US military operations.
“The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology,” the text of the alert said. “By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment.”
Given the success of current efforts, the FBI, NSA, and CISA anticipate that Russian state-sponsored cyber actors will continue to target defense contractors for information in the near future.
Although Russia is known for harboring cybercriminal gangs, direct attribution of cyber activities to Russian state-sponsored actors is rare and represents a forceful statement from the US agencies involved. As tensions continue on the Russian border with Ukraine, analysts have been particularly sensitive to state-sponsored cyberattacks from the country.