US says Russian state hackers lurked in defense contractor networks for months
Hackers backed by the Russian government have breached the networks of multiple US defense contractors in a sustained campaign that has revealed sensitive information about US weapons-development communications infrastructure, the federal government said on Wednesday.
The campaign began no later than January 2020 and has continued through this month, according to a joint advisory by the FBI, National Security Agency, and the Cybersecurity and Infrastructure Security Agency. The hackers have been targeting and successfully hacking cleared defense contractors, or CDCs, which support contracts for the US Department of Defense and intelligence community.
“Persistent access,” “significant insight”
“During this two-year period, these actors have maintained persistent access to multiple CDC networks, in some cases for at least six months,” officials wrote in the advisory. “In instances when the actors have successfully obtained access, the FBI, NSA, and CISA have noted regular and recurring exfiltration of emails and data. For example, during a compromise in 2021, threat actors exfiltrated hundreds of documents related to the company’s products, relationships with other countries, and internal personnel and legal matters.”