US defense contractors repeatedly targeted by Russian hackers: feds

Moscow-backed hackers have zeroed in on American defense contractors in recent months, the federal government said Wednesday.

The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, released an alert warning that malevolent cyber actors ​have infiltrated emails and accessed data from numerous companies since at least January 2020.

As a result, CISA said the hackers have acquired ​”significant insight into US weapons platforms development and deployment timelines, plans for communications infrastructure, and specific technologies employed by the US government and military​.” 

The alert focused on so-called cleared defense contractors (CDCs), which have access to classified material from the Department of Defense.

“By acquiring the sensitive information, enemies of the US could adjust their own military priorities, ramp up technological developments and divulge US intentions to other foreign nations,” CISA explained.

The hackers targeted companies involved in weapons and missile development, vehicle and aircraft design, software development and information technology, data/analytics, and logistics. 

Over the past two years, CISA said, the hackers have been able to maintain “persistent access” to a number of defense contractor networks — in some cases for at least six months. ​

Last year, for example, the cyber actors stole hundreds of documents related to one company’s products, its relationship with other countries, and information about personnel and legal matters. 

According to CISA, the hackers targeted large and small contractors and subcontractors with “varying levels of cybersecurity protocols and resources.”

It said the operators took advantage of simple passwords, weaknesses in the computer systems and spear-phishing emails to unsuspecting employees to gain initial access.

Once inside, they installed malware and moved through networks to locate and withdraw data. 

In addition to warning of vulnerabilities surrounding protected data, the agency noted that unclassified emails “among employees or with government customers often contain proprietary details about technological and scientific research, in addition to program updates and their funding status.”

CISA predicted the hackers will continue to target the contractors and warned them to begin mitigation actions immediately.