US authorities say Russian hackers attacked US defense contractors

Written by Emma Davis

The US government said that from January 2020 to February 2022, Russian government hackers regularly attacked and compromised several of the country’s defense contractors.

A joint official statement was issued by representatives of the NSA, CISA and the FBI. The document says:

Compromised entities include CDCs [approved defense contractors] supporting the US Army, US Air Force, US Navy, US Space Force, and US Department of Defense and Intelligence programs. For two years, the attackers maintained continuous access to several CDC networks, in some cases for at least six months.


The hackers reportedly relied on “common but effective” hacking tactics in their attacks, including spear-phishing, credential pre-harvesting, brute force, password spraying, and exploiting known vulnerabilities. For example, the attackers used the following bugs:

  1. CVE-2018-13379 (CVSS 9.8) – Path traversal vulnerability in Fortinet FortiGate SSL VPN.
  2. CVE-2020-0688 (CVSS 8.8) – RCE vulnerability in Microsoft Exchange.
  3. CVE-2020-17144 (CVSS 8.4) – RCE vulnerability in Microsoft Exchange.

In the case of a successful compromise, the attackers stole emails and confidential (unclassified) data, including proprietary and export-controlled information.

“For example, during a compromise in 2021, attackers stole hundreds of documents related to company products, relations with other countries, internal personnel and legal issues,” the authorities explain.

It is emphasized that the theft of this information provided the attackers with very detailed, albeit unclassified, information about the timing of the development and deployment of US weapons platforms, the technical characteristics of vehicles, and plans in the field of communication infrastructure and information technology.

“By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment,” the official statement said.

Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity:

  1. Enforce multifactor authentication.
  2. Enforce strong, unique passwords.
  3. Enable M365 Unified Audit Logs.
  4. Implement endpoint detection and response tools.
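
One way to hunt for the brute-force and password-spraying activity named above once sign-in events are being logged, as an added example that is not part of the original article or the advisory. The records are constructed and simplified to four Unified Audit Log fields; the function names and thresholds are assumptions to tune for your tenant.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: (CreationTime, Operation, UserId, ClientIP).
# IPs are documentation ranges; users are placeholders.
SAMPLE = (
    [(f"2022-02-01T08:0{i}:00", "UserLoginFailed", f"{u}@example.com", "203.0.113.7")
     for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    + [("2022-02-01T08:05:00", "UserLoggedIn", "erin@example.com", "203.0.113.7")]
    + [(f"2022-02-01T09:00:0{i}", "UserLoginFailed", "frank@example.com", "198.51.100.9")
       for i in range(5)]
    + [("2022-02-01T10:00:00", "UserLoginFailed", "gina@example.com", "192.0.2.44"),
       ("2022-02-01T10:00:30", "UserLoggedIn", "gina@example.com", "192.0.2.44")]
)

def classify(records, window=timedelta(minutes=30), spray_users=4, brute_tries=5):
    """Map each suspicious source IP to 'password_spray' or 'brute_force'.

    Spray: failures against many distinct accounts from one IP inside the window.
    Brute force: many failures against a single account inside the window.
    """
    fails = defaultdict(list)
    for ts, op, user, ip in records:
        if op == "UserLoginFailed":
            fails[ip].append((datetime.fromisoformat(ts), user))
    findings = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= spray_users:
                findings[ip] = "password_spray"
                break
            if max(per_user.values()) >= brute_tries:
                findings[ip] = "brute_force"
                break
    return findings

def logins_from_flagged(records, findings):
    """Successful sign-ins from flagged IPs: accounts to review and reset first."""
    return sorted({(ip, user) for _, op, user, ip in records
                   if op == "UserLoggedIn" and ip in findings})

if __name__ == "__main__":
    found = classify(SAMPLE)
    print(found, logins_from_flagged(SAMPLE, found))
```

A successful sign-in from a flagged source is the case to triage first, since it suggests a guessed password that multifactor authentication would have had to stop.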
