Russian hackers have infiltrated US defense contractors, CISA and FBI warn

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

State-sponsored threat actors originating from Russia have been somewhat successful in stealing sensitive data from the US Department of Defence (DoD), American security agencies have said.

In an advisory signed by the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA), it was revealed Russians targeted the DoD through the supply chain - by trying to breach endpoints from cleared defense contractors (CDC) and subcontractors.

These firms, who haven’t been named, have allegedly been working with the US Army, Air Force, Navy, Space Force, DoD, and Intelligence programs, on things such as command, control, communications, and combat systems; intelligence, surveillance, reconnaissance, and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers, and logistics.

"Significant insight" into weapons development

They’ve been somewhat successful, as well, as CISA confirmed that some ”sensitive, unclassified information”, had been taken, as well as CDC-proprietary and export-controlled technology. 

The data provides “significant insight” into the American weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology.

Although it’s safe to assume from the advisory that no classified intel was stolen, CISA does add that the nature of the taken data suggests Russians will continue with their operations. 

CISA, FBI, and the NSA are encouraging all CDCs to apply the recommended mitigations listed in the advisory, regardless of evidence of compromise. 

The West often accuses Russia of involvement in various cybercrimes and similar incidents, which the country vehemently denies. A recent Chainalysis report has found that almost three-quarters (74%) of all money stolen through ransom demands in 2021 went to threat actors linked to Russia - equivalent to more than $400 million.

The campaign that the three agencies are referring to, has allegedly been active for the past two years, from at least January 2020, through February 2022.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.