WASHINGTON — U.S. officials said Wednesday that Russian state-backed hackers have been targeting U.S. defense contractors for the last two years, acquiring “sensitive” information, including about weapons development.
The hackers have used “common but effective tactics,” including the harvesting of user credentials and spearphishing attacks, to gain access to large and small defense contractors, according to a statement from the National Security Agency, the Federal Bureau of Investigation and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
The hackers have managed to maintain access to the companies, sometimes for as long as six months, by using legitimate credentials as well as a variety of malicious software, according to the agencies. In instances where attackers successfully gained access to companies, U.S. officials said there was “regular and recurring exfiltration of emails and data.” The alert did not identify the affected firms by name.
The Russian Embassy in Washington did not immediately respond to a request for comment.
During one breach last year, hackers stole hundreds of documents related to an unnamed company’s products, relationships with other countries and internal personnel and legal matters.
The attacks have focused on “cleared” defense contractors, meaning organizations granted clearance by the Defense Department to access, receive and store classified information to bid on contractors or conduct activities in support of Defense Department programs.
The intrusions enabled the hackers to acquire “sensitive unclassified information,” in addition to defense contractors’ proprietary and export-controlled technology, according to the statement.
“The acquired information provides insight into U.S. weapons platforms development and deployment timelines, vehicle specifications and plans for communications infrastructure and information technology,” according to the U.S.
The contractors were targeted from at least January 2020 to this month.
