Tuesday, August 9, 2022

US says Russian state hackers lurked in defense contractor networks for months


Hackers backed by the Russian government have breached the networks of multiple US defense contractors in a sustained campaign that has revealed sensitive information about US weapons-development communications infrastructure, the federal government said on Wednesday.

The campaign began no later than January 2020 and has continued through this month, according to a joint advisory by the FBI, National Security Agency, and the Cybersecurity and Infrastructure Security Agency. The hackers have been targeting and successfully hacking cleared defense contractors, or CDCs, which support contracts for the US Department of Defense and intelligence community.

“Persistent access,” “significant insight”

“During this two-year period, these actors have maintained persistent access to multiple CDC networks, in some cases for at least six months,” officials wrote in the advisory. “In instances when the actors have successfully obtained access, the FBI, NSA, and CISA have noted regular and recurring exfiltration of emails and data. For example, during a compromise in 2021, threat actors exfiltrated hundreds of documents related to the company’s products, relationships with other countries, and internal personnel and legal matters.”

The exfiltrated documents have included unclassified CDC-proprietary and export-controlled information. This information gives the Russian government “significant insight” into US weapons-platforms development and deployment timelines, plans for communications infrastructure, and specific technologies being used by the US government and military. The documents also include unclassified emails among employees and their government customers discussing proprietary details about technological and scientific research.

The advisory said:

These continued intrusions have enabled the actors to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology. The acquired information provides significant insight into US weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology. By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of US intentions, and target potential sources for recruitment. Given the sensitivity of information widely available on unclassified CDC networks, the FBI, NSA, and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for US defense information in the near future. These agencies encourage all CDCs to apply the recommended mitigations in this advisory, regardless of evidence of compromise.

Spear-phishing, hacked routers, and more

The hackers have used a variety of methods to breach their targets. The methods include harvesting network passwords through spear-phishing, data breaches, cracking techniques, and exploitation of unpatched software vulnerabilities. After gaining a toehold in a targeted network, the threat actors escalate their system rights by mapping the Active Directory and connecting to domain controllers. From there, they’re able to exfiltrate credentials for all other accounts and create new accounts.

The hackers make use of virtual private servers to encrypt their communications and hide their identities, the advisory added. They also use “small office and home office (SOHO) devices, as operational nodes to evade detection.” In 2018, Russia was caught infecting more than 500,000 consumer routers so the devices could be used to infect the networks they were attached to, exfiltrate passwords, and manipulate traffic passing through the compromised device.

These techniques and others appear to have succeeded.

“In multiple instances, the threat actors maintained persistent access for at least six months,” the joint advisory stated. “Although the actors have used a variety of malware to maintain persistence, the FBI, NSA, and CISA have also observed intrusions that did not rely on malware or other persistence mechanisms. In these cases, it is likely the threat actors relied on possession of legitimate credentials for persistence, enabling them to pivot to other accounts, as needed, to maintain access to the compromised environments.”

The advisory contains a list of technical indicators admins can use to determine if their networks have been compromised in the campaign. It goes on to urge all CDCs to investigate suspicious activity in their enterprise and cloud environments.
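The intrusion pattern described above (new accounts created after a foothold, domain controller access, pivoting on legitimate credentials, and operational nodes outside the corporate network) lends itself to log-based detection even when no malware is present. The following is an added example, not part of the article or the advisory: a small rule set run over a constructed sample of Windows Security events (event IDs 4720 account creation and 4624 logon). The event format, the internal address range, the admin allowlist and the host names are all assumptions for illustration.

```python
from ipaddress import ip_address, ip_network
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): ts, event id, account,
# source IP, target host, and for 4720 the account that did the creating.
SAMPLE_EVENTS = [
    {"ts": "2021-03-01T09:00:00", "id": 4624, "user": "jsmith", "src": "10.1.4.22", "host": "WS-114", "actor": None},
    {"ts": "2021-03-01T22:10:00", "id": 4720, "user": "svc_backup2", "src": "10.1.4.22", "host": "DC01", "actor": "jsmith"},
    {"ts": "2021-03-01T22:12:00", "id": 4624, "user": "svc_backup2", "src": "10.1.4.22", "host": "DC01", "actor": None},
    {"ts": "2021-03-02T03:30:00", "id": 4624, "user": "jsmith", "src": "203.0.113.7", "host": "DC01", "actor": None},
    {"ts": "2021-03-02T09:15:00", "id": 4624, "user": "adm_lee", "src": "10.1.9.5", "host": "DC01", "actor": None},
]

# Assumed environment knowledge: corporate address space, the accounts that
# are allowed to create accounts or log on to domain controllers, and the DCs.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
DC_ADMINS = {"adm_lee"}
DOMAIN_CONTROLLERS = {"DC01"}
NEW_ACCOUNT_WINDOW = timedelta(days=7)  # a freshly created account logging on is worth a look


def find_suspicious(events):
    """Return (rule, account, detail) tuples for events matching the rules."""
    created = {}  # account -> creation time, filled from 4720 events
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if e["id"] == 4720:
            created[e["user"]] = ts
            # Account creation by anyone outside the admin allowlist.
            if e["actor"] not in DC_ADMINS:
                alerts.append(("account-created-by-nonadmin", e["user"], e["actor"]))
        elif e["id"] == 4624:
            # Logon sourced from outside the corporate range (VPS / SOHO relay).
            if not any(ip_address(e["src"]) in net for net in INTERNAL_NETS):
                alerts.append(("external-source-logon", e["user"], e["src"]))
            # Logon to a domain controller by a non-admin account.
            if e["host"] in DOMAIN_CONTROLLERS and e["user"] not in DC_ADMINS:
                alerts.append(("dc-logon-nonadmin", e["user"], e["host"]))
            # First use of an account created within the window.
            if e["user"] in created and ts - created[e["user"]] <= NEW_ACCOUNT_WINDOW:
                alerts.append(("new-account-used", e["user"], e["src"]))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_EVENTS):
        print(alert)
```

Each rule alone is noisy in a real environment; the value is in correlating them per account and per source over the multi-month window the advisory describes.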
