Easy access to all the Government news updates

Subscribe and receive personalized news articles straight in your inbox

*By clicking "Join us now" you agree to receive emails, promotions and general messages from ExecutiveGov. In addition, you also agree to ExecutiveGov's Privacy Policy and Terms & Conditions.

x
//

CISA, FBI, NSA Warn of Russian State-Backed Actors Targeting Cleared Defense Contractors; Jen Easterly Quoted

2 mins read

The Cybersecurity and Infrastructure Security Agency, National Security Agency and the FBI have released a joint advisory saying cleared defense contractors and subcontractors have been targeted by Russian state-backed cyberthreat actors over the past two years.

Threat actors are targeting CDCs to gain access to export-controlled and unclassified proprietary data related to weapons development, scientific and technological research and communications infrastructure using brute force techniques, spearphishing emails and harvested credentials, among other tactics, CISA said Wednesday.

According to the advisory, these cleared contractors are supporting contracts with defense and intelligence agencies in various areas, including software development and analytics, weapons and missile development and vehicle and aircraft design.

“Over the last several years, we have observed and documented a host of malicious activity conducted by Russian state-sponsored cyber actors targeting U.S. critical infrastructure,” said Jen Easterly, director of CISA and a 2022 Wash100 Award winner.

Today’s joint advisory with our partners at FBI and NSA is the latest report to detail these persistent threats to our nation’s safety and security. Everyone has a role to play to combat this and other Russian cyber threats, and we encourage all organizations of every size to take action to mitigate risks to their networks,” added Easterly.

Some of the mitigation measures outlined in the advisory are enabling multifactor authentication; introducing account lockout and time-based access features; establishing centralized log management; initiating software and patch management program; and using endpoint detection and response tools.

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about Cybersecurity