{"id":7473,"date":"2022-02-18T10:41:41","date_gmt":"2022-02-18T18:41:41","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7473"},"modified":"2022-02-25T15:51:22","modified_gmt":"2022-02-25T23:51:22","slug":"sponsored-cyber-actors-target-cleared-defense-contractor-networks-to-obtain-sensitive-u-s-defense-information-and-technology","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/sponsored-cyber-actors-target-cleared-defense-contractor-networks-to-obtain-sensitive-u-s-defense-information-and-technology\/","title":{"rendered":"Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology"},"content":{"rendered":"

The Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have issued a <\/span>Joint Advisory<\/span><\/a> after observing the regular and persistent targeting of United States cleared defense contractors (CDCs) by Russian state-sponsored cyber threat actors. The targeted CDCs have contracts supporting the U.S. Department of Defense and Intelligence agencies in areas to include: command, control, communications, and combat systems; intelligence, surveillance, reconnaissance, and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers, and logistics.<\/span><\/p>\n

In the past state-sponsored Russian cyber threat actors used common techniques to access the targeted networks. These include credential harvesting, brute force\/password spray techniques, spear phishing, and the use of known vulnerability exploitation against accounts and networks with weak security. These threat actors take advantage of simple and unchanged default passwords, unpatched systems, and unsuspecting and potentially socially engineered employees to gain initial access. Once access is obtained then the threat actors can begin moving laterally through the network to establish persistence, exfiltrate data, and cause harm in many other ways. These same cyber threat actors have employed very similar tactics to gain unauthorized access to enterprise and cloud networks with a focus on leveraging their expertise in attacking Microsoft Office 365 environments.<\/span><\/p>\n

These network intrusions and subsequent data breaches have enabled the actors to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology. The acquired information is still highly sensitive. It provides significant data on U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology.\u00a0<\/span><\/p>\n

This information may help adversaries to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment. Given the sensitivity of information widely available on unclassified CDC networks, the FBI, NSA, and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for U.S. defense information. The Joint Advisory has provided recommended mitigations.<\/span><\/p>\n

High level actions to help protect against these Russian state-sponsored cyber threat actors activity include:<\/span><\/p>\n