Russian hackers have allegedly obtained sensitive defense information technology by targeting American contractors, said several federal agencies in a bulletin posted Wednesday.
From at least January 2020 through February 2022, the agencies “have observed regular targeting of U.S. cleared defense contractors by Russian state-sponsored cyber actors,” said the Department of Homeland Security-run Cybersecurity and Infrastructure Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA).
“The actors have targeted both large and small [defense contractors] and subcontractors with varying levels of cybersecurity protocols and resources,” the bulletin continued. Contractors who worked in a number of areas including missile and weapons development, vehicle and aircraft design, surveillance and reconnaissance, and communications systems were targeted.
In the bulletin, the agencies did not provide specific details on how they obtained evidence of Russian state-sponsored hackers allegedly targeting U.S. defense contractors. Also unclear is what Russian agency or agencies facilitated the hacks.
The bulletin’s publication also comes amid heightened tensions between the United States and Russia over troops stationed near Ukraine, with White House officials repeatedly saying in recent weeks that Moscow is planning to attack.
CISA also said in the notice that the Russian-backed actors use “common but effective tactics to gain access to target networks, including spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security.” The notice continued: “These actors take advantage of simple passwords, unpatched systems, and unsuspecting employees to gain initial access before moving laterally through the network to establish persistence and exfiltrate data.”
The agencies called on defense contractors to take extra security precautions, including using strong passwords and enabling multifactor authentication for users.
“By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment,” the advisory also warned, adding that cyber actors “will continue to target [contractors] for U.S. defense information in the near future.”
Last year, President Joe Biden warned Russian President Vladimir Putin that Russia would face consequences if it carries out cyberattacks against U.S. infrastructure. But Putin and other Russian officials have long dismissed claims from the United States that Russian-sponsored actors were behind cyberattacks.
“We have been accused of all kinds of things,” Putin told NBC News last year. “Election interference, cyberattacks, and so on and so forth. And not once, not once, not one time, did they bother to produce any kind of evidence or proof. Just unfounded accusations.”
The Russian embassy in Washington didn’t immediately respond to a request for comment on the advisory.