The Cybersecurity and Infrastructure Security Agency, National Security Agency and the FBI have released a joint advisory saying cleared defense contractors (CDCs) and subcontractors have been targeted by Russian state-backed cyberthreat actors over the past two years.
Threat actors are targeting CDCs with brute force techniques, spearphishing emails and harvested credentials, among other tactics, to gain access to export-controlled and unclassified proprietary data related to weapons development, scientific and technological research and communications infrastructure, CISA said Wednesday.
According to the advisory, these cleared contractors are supporting contracts with defense and intelligence agencies in various areas, including software development and analytics, weapons and missile development, and vehicle and aircraft design.
“Over the last several years, we have observed and documented a host of malicious activity conducted by Russian state-sponsored cyber actors targeting U.S. critical infrastructure,” said Jen Easterly, director of CISA and a 2022 Wash100 Award winner.
“Today’s joint advisory with our partners at FBI and NSA is the latest report to detail these persistent threats to our nation’s safety and security. Everyone has a role to play to combat this and other Russian cyber threats, and we encourage all organizations of every size to take action to mitigate risks to their networks,” added Easterly.
Some of the mitigation measures outlined in the advisory are enabling multifactor authentication; introducing account lockout and time-based access features; establishing centralized log management; initiating a software and patch management program; and using endpoint detection and response tools.