State-sponsored threat actors originating from Russia have been somewhat successful in stealing sensitive data from the US Department of Defence (DoD), American security agencies have said.
An advisory signed by the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) revealed that Russians targeted the DoD through its supply chain, by trying to breach endpoints belonging to cleared defense contractors (CDCs) and subcontractors.
These firms, which haven’t been named, have allegedly been working with the US Army, Air Force, Navy, Space Force, DoD, and Intelligence programs, on things such as command, control, communications, and combat systems; intelligence, surveillance, reconnaissance, and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers, and logistics.
"Significant insight" into weapons development
They’ve been somewhat successful, too: CISA confirmed that some “sensitive, unclassified information” had been taken, as well as CDC-proprietary and export-controlled technology.
The data provides “significant insight” into American weapons platform development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology.
Although it’s safe to assume from the advisory that no classified intel was stolen, CISA does add that the nature of the taken data suggests Russians will continue with their operations.
CISA, FBI, and the NSA are encouraging all CDCs to apply the recommended mitigations listed in the advisory, regardless of evidence of compromise.
The West often accuses Russia of involvement in various cybercrimes and similar incidents, which the country vehemently denies. A recent Chainalysis report has found that almost three-quarters (74%) of all money stolen through ransom demands in 2021 went to threat actors linked to Russia - equivalent to more than $400 million.
The campaign that the three agencies are referring to has allegedly been active for the past two years, from at least January 2020 through February 2022.