CISA-FBI-NSA alert warns of long-running Russian campaign targeting defense contractor data

By Charlie Mitchell / February 16, 2022 at 2:03 PM

State-sponsored Russian cyber actors have been targeting the networks of "cleared defense contractors" in a two-year campaign that has allowed the attackers "to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology" from the U.S. firms, according to an alert today from the Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency.

“The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology,” according to the alert.

“Over the last several years, we have observed and documented a host of malicious activity conducted by Russian state-sponsored cyber actors targeting U.S. critical infrastructure. Today’s joint advisory with our partners at FBI and NSA is the latest report to detail these persistent threats to our nation’s safety and security,” CISA Director Jen Easterly said.

“The FBI, along with our partners CISA and NSA, will continue to combat Russia’s targeted cyber activity as it threatens different sectors in the United States. We will actively pursue, prevent and disrupt these malicious actions as they attempt to impact Cleared Defense Contractor networks. We urge our private sector partners as well as the public to continue to implement good cyber hygiene practices to assist in mitigating these threats where possible and report any suspicious cyber activity to www.ic3.gov,” said Bryan Vorndran, assistant director of the FBI’s Cyber Division.

“From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources,” the agencies said in the alert.

“In many attempted compromises, these actors have employed similar tactics to gain access to enterprise and cloud networks, prioritizing their efforts against the widely used Microsoft 365 (M365) environment,” according to the alert. “The actors often maintain persistence by using legitimate credentials and a variety of malware when exfiltrating emails and data.”

The alert added, “These continued intrusions have enabled the actors to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology.” The agencies said “compromised entities have included CDCs supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and DOD and Intelligence programs.”

CISA in the release said, “The FBI, NSA, and CISA urge all CDCs to investigate suspicious activity in their enterprise and cloud environments. Also, all CDCs, with or without evidence of compromise, are encouraged to apply the mitigations listed in the advisory to reduce the risk of compromise by this threat actor. Some of the specific actions that can be taken to protect against this malicious activity include: enforce multifactor authentication, enforce strong, unique passwords, enforce download of software updates, enable M365 Unified Audit Logs, and implement endpoint detection and response tools.”
