Feb 16, 2022 - World

U.S. warns of Russia-sponsored hackers targeting defense contractors

Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, speaking during a congressional hearing in November 2021. Photo: Stefani Reynolds/Bloomberg via Getty Images

The U.S. intelligence community warned Wednesday that Russia-sponsored hackers have repeatedly attempted to infiltrate computer networks belonging to Department of Defense contractors to steal information on weapons technologies.

Why it matters: It said that state-sponsored cyber actors have made several intrusion attempts between January 2020 and February 2022 and have acquired emails, sensitive, unclassified information and "export-controlled technology" owned by the contractors.

The FBI, National Security Agency and Cybersecurity and Infrastructure Security Agency did not disclose specifically which contractors have been targeted.

  • They said the targeted companies are involved with weapons and missile development, vehicle and aircraft design, software development, information technologies, data analytics and logistics.
  • The hackers maintained persistent access to contractor networks for up to six months in some cases. The FBI, NSA and CISA warned that "regular and recurring exfiltration of emails and data" has occurred over that two-year period.
  • During a compromise in 2021 against an undisclosed contractor, hackers exfiltrated hundreds of documents related to the company’s products, relationships with other countries and its internal personnel and legal matters.

What they're saying: The information acquired by the hackers provides Russia "significant" insight into the development of weapons, weapon deployment times, vehicle specifications and plans for communications infrastructure and information technology, the intelligence community said.

  • "By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment," it added.
  • The hackers have used multiple different infiltration tactics against target networks and cloud-based services commonly used by businesses, such as Microsoft 365.

The big picture: President Biden warned President Vladimir Putin last year that Russia would face stiff consequences if it conducts cyberattacks on critical U.S. infrastructure.

  • Biden gave Putin a list of 16 critical infrastructure entities that are off limits as targets for cyberattacks, though it is unknown if defense contractors were on the list.
  • The alert from the intelligence community comes as U.S.-Russian relations are deeply strained over Moscow's military buildup near Ukraine's border.
