February 16, 2022
The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), issued a joint Cybersecurity Advisory titled, "Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology." Compromised entities have included cleared defense contractors (CDCs) supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and Intelligence Community programs.
Over the last two years, both large and small CDCs and subcontractors supporting various defense industries have been observed being targeted for unclassified proprietary and export-controlled information such as weapons development, communications infrastructure, technological and scientific research, and other proprietary details. In the advisory, the three agencies outline the activities and tactics used by the Russian state-sponsored cyber actors that include:
The FBI, NSA, and CISA urge all critical infrastructure organizations and CDCs to investigate suspicious activity in their enterprise and cloud environments. Also, all organizations, with or without evidence of compromise, are encouraged to apply the mitigations listed in the advisory to reduce the risk of compromise by this threat actor. Some of the specific actions that can be taken to protect against this malicious activity include: enforce multifactor authentication, enforce strong, unique passwords, enable M365 Unified Audit Logs, and implement endpoint detection and response tools.
The agency maintains a dedicated webpage that provides an overview of the Russian government's malicious cyber activities. Read the full advisory here and we encourage you to share this information.
In addition to this latest advisory on Russian state-sponsored malicious cyber activity, we encourage all organizations to review our new Shields Up webpage to find recommended actions on protecting their most critical assets from these threat actors.
Cybersecurity and Infrastructure Security Agency