WASHINGTON — Hackers infiltrated a defense industrial base organization, maintained “persistent, long-term” access to its network and absconded with sensitive data, U.S. government agencies said.
The Cybersecurity and Infrastructure Security Agency responded to malicious activity from November 2021 to January 2022, according to an Oct. 4 advisory published by the Department of Homeland Security division and its partners at the National Security Agency and the FBI. A third-party response team was also engaged.
The targeted organization — most likely a defense contractor — was not named.
The unidentified intruders used an open-source tool kit called Impacket to gain a foothold in the organization’s systems, according to the government bulletin. They then used a tailored exfiltration tool known as CovalentStealer to make off with important files, it stated. Initial access was gained as early as January 2021.
The implications of the hack were not immediately clear.
The Department of Defense’s pool of contractors and related resources is under constant threat of digital harassment and foreign influence campaigns. While international competitors may be deterred from directly fighting the U.S., the Pentagon’s 2018 cyber strategy noted, they are seizing the digital domain to take “our technology, disrupt our government and commerce, challenge our democratic processes, and threaten our critical infrastructure.”
In a joint cybersecurity report published shortly before Russia’s Feb. 24 invasion of Ukraine, CISA, NSA and the FBI accused hackers backed by Moscow of targeting U.S. defense companies for years, saying that the data snaked away provides “significant insight” into weapons and communications infrastructure.
Russia has historically denied such claims.
Those targeted work on defense and intelligence contracts, including missile development and vehicle and aircraft design, the federal agencies said at the time. The compromised companies support the U.S. Army, Air Force, Navy, Space Force and national security programs, generally.
During one high-profile transgression last year, “actors exfiltrated hundreds of documents related to the company’s products, relationships with other countries, and internal personnel and legal matters,” CISA said.
Defense News in June 2018 reported Chinese-sponsored cyberattacks breached a Navy contractor’s computers, jeopardizing sensitive information tied to secret work on an anti-ship missile.
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.