Advisory Document Outlines Russian State-Sponsored Hacking of Defence Supply Base
A joint investigation by the FBI, the NSA and the US’s Cybersecurity and Infrastructure Security Agency (CISA) has concluded that Russian state-sponsored hackers have been targeting defence contractors for the past two years.
Companies targeted have not been identified, but the agencies say that they include entities active in C4ISR, weapons and missile development, vehicle and aircraft design, software development, data analytics and logistics. The agencies say that the companies targeted are engaged in supplying the USA’s Army, Air Force, Navy, Space Force, and defence intelligence programmes.
The attackers have used “common but effective” techniques to attempt to gain access to the targeted networks, “including spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security,” the agencies say, in a Joint Cybersecurity Advisory. In particular, the attackers have targeted companies using Microsoft 365.
As a result, the agencies say, the attackers have been able to “acquire sensitive, unclassified information, as well as … proprietary and export-controlled technology.” The information stolen “provides significant insight into US weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology.”
The agencies outline a series of attack methodologies that have been successfully used, and detail known vulnerabilities attackers have exploited. Some of these were identified as long ago as 2018. The agencies’ advice to companies does not involve any novel defensive strategies: rather, they advise companies to take steps such as enabling multifactor authentication for all users, enforcing strong and unique passwords, using antivirus software, and operating a software patch-management programme.
The advisory does not give any detail about how or why the agencies have attributed the attacks to entities under the control of the Russian state. Publication comes amid a number of announcements and briefings from national-security officials in the US and the UK revealing unusually substantial amounts of intelligence about Russian troop movements on the borders of Ukraine.