In instances when the actors have successfully obtained access, the FBI, NSA, and CISA have noted regular and recurring exfiltration of emails and data. Space Force, and DoD and Intelligence programs.ĭuring this two-year period, these actors have maintained persistent access to multiple CDC networks, in some cases for at least six months. Compromised entities have included CDCs supporting the U.S. defense and intelligence programs and capabilities. The actors leverage access to CDC networks to obtain sensitive data about U.S. CDCs from at least January 2020, through February 2022. Russian state-sponsored cyber actors have targeted U.S. Threat Details Targeted Industries and Assessed Motive
Target contact us pdf#
These agencies encourage all CDCs to apply the recommended mitigations in this advisory, regardless of evidence of compromise.įor additional information on Russian state-sponsored cyber activity, see CISA's webpage, Russia Cyber Threat Overview and Advisories.Ĭlick here for a PDF version of this report. Given the sensitivity of information widely available on unclassified CDC networks, the FBI, NSA, and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for U.S. intentions, and target potential sources for recruitment. By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology. The acquired information provides significant insight into U.S. These continued intrusions have enabled the actors to acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology. The actors often maintain persistence by using legitimate credentials and a variety of malware when exfiltrating emails and data. In many attempted compromises, these actors have employed similar tactics to gain access to enterprise and cloud networks, prioritizing their efforts against the widely used Microsoft 365 (M365) environment.
These actors take advantage of simple passwords, unpatched systems, and unsuspecting employees to gain initial access before moving laterally through the network to establish persistence and exfiltrate data. Historically, Russian state-sponsored cyber actors have used common but effective tactics to gain access to target networks, including spearphishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security.
Target contact us software#
Software development, data analytics, computers, and logistics.Intelligence, surveillance, reconnaissance, and targeting.Command, control, communications, and combat systems.Department of Defense (DoD) and Intelligence Community in the following areas: These CDCs support contracts for the U.S. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. Implement endpoint detection and response tools.įrom at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S.
Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity:
0 kommentar(er)
