WASHINGTON — Russian state-sponsored hackers have targeted U.S. defense contractors for years, absconding with information that provides “significant insight” into weapons development, communications infrastructure and IT, a bulletin published this week warned.
In a joint cybersecurity advisory, the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency claimed they observed regular targeting of U.S. defense contractors from January 2020 through February 2022. The breaches could translate to changes of plans or postures among foreign governments, the agencies claimed, or could accelerate their development of tech and related policy.
The targeted teams — both large and small — work on defense and intelligence contracts, including missile development and vehicle and aircraft design. The companies compromised support the U.S. Army, Air Force, Navy, Space Force and national security programs, generally.
During one notable transgression in 2021, CISA said, “actors exfiltrated hundreds of documents related to the company’s products, relationships with other countries, and internal personnel and legal matters.”
Rob Joyce, the director of cybersecurity for the National Security Agency, said in a statement Wednesday that Russian state-sponsored “cyber actors” have been “persistent in targeting U.S. cleared defense contractors to get at sensitive information.” And the onslaught is expected to continue.
The advisory comes as the threat of a Russian invasion of Ukraine — its smaller and less-equipped neighbor — wracks nerves and dominates headlines worldwide. Websites for Ukrainian banks and government agencies were hit with a cyberattack on Feb. 15, according to local officials, although it was not immediately clear who the perpetrators were. Dozens of sites were disabled in January, as well.
The U.S. government recently cautioned agencies, businesses and other organizations to guard against cyberattacks, issuing a so-called “Shields Up” notice.
“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” said CISA, part of the Department of Homeland Security.
Moscow has used cyber and disinformation as a means of force projection, the agency said, including in Ukraine in 2015.
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its NNSA — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.