Russian-backed cybercriminals have been targeting and hacking the United States’ cleared defense contractors (CDCs) since at least January 2020 to steal sensitive information on U.S. defense and intelligence programs and capabilities. CDCs are commercial entities that have been granted access to secret information by the Department of Defense (DoD) to compete for contracts or assist DoD initiatives.
They have access to data on various DoD and Intelligence Community initiatives, including:
- Command, control, communications, and combat systems;
- Intelligence, reconnaissance, surveillance, and targeting;
- Weapons and missile development;
- Vehicle and aircraft design; and
- Software development, computers, data analytics, and logistics.
Russian hacker gangs have entered various CDC networks since at least January 2020. In some cases, they have maintained persistent access for at least six months, frequently exfiltrating hundreds of documents, emails, and other data. “Compromised entities have included CDCs supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and DoD and Intelligence programs,” the FBI, NSA, and CISA revealed in a joint advisory.
Through the ongoing breaches, the attackers have been able to get sensitive, unclassified information as well as CDC-proprietary and export-controlled technologies. By obtaining proprietary internal documents and email correspondence, adversaries may be able to change their military plans and objectives, speed technology development efforts, notify foreign governments of US intentions, and target possible sources for recruiting.
The three agencies also warned last month that Russian-backed cyber groups are targeting companies in the critical infrastructure sectors of the United States. According to the FBI, NSA, and CISA, Russian APT groups, including APT28, APT29, and the Sandworm Team, have employed harmful malware to attack industrial control systems (ICS) and operational technology (OT) networks belonging to critical infrastructure organizations worldwide.
In July 2021, the US government, through its Rewards for Justice (RFJ) program, announced a $10 million reward for information on hostile cyber actions orchestrated by state hackers targeting critical infrastructure sectors.