The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (AA22-047A) highlighting ongoing targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. According to the alert, over the last two years, both large and small CDCs and subcontractors supporting various defense industries have been observed as targets for unclassified proprietary and export-controlled information in areas such as weapons development, communications infrastructure, technological and scientific research, and other proprietary details.
The activities and tactics used by the Russian state-sponsored cyber actors discussed in the alert include brute-force techniques, spear-phishing emails, credential harvesting, mapping Active Directory, and maintaining persistent access, in multiple instances for at least six months. While this advisory highlights cyber activity targeting a different sector, some of the TTPs might be utilized in other attacks and campaigns by Russian adversaries. The FBI, NSA, and CISA urge all critical infrastructure organizations to read the full advisory and investigate suspicious activity in their enterprise and cloud environments. Access the full advisory here.