The U.S. intelligence community says that Russian-sponsored actors have been targeting defense contractors for at least the past two years and in some cases have gained access to sensitive information.
In an alert released Wednesday, the FBI, National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) said they had observed “regular targeting” of contractors from at least January 2020 through this month.
The intrusions have allowed the hackers to acquire “sensitive, unclassified information, as well as [cleared defense contractor]-proprietary and export-controlled technology,” reads the alert.
“By acquiring proprietary internal documents and email communications, adversaries may be able to adjust their own military plans and priorities, hasten technological development efforts, inform foreign policymakers of U.S. intentions, and target potential sources for recruitment,” the alert continues.
The advisory comes amid high tensions between the U.S. and Russia over the 150,000 troops Russia has placed around the borders of Ukraine.
Cybersecurity became a focal point of U.S.-Russian relations last year after a series of high-profile attacks that either originated from Moscow or were backed by the Russian government.
President Biden met with Russian President Vladimir Putin in June. During that meeting, Biden gave Putin a list of 16 “specific entities” that the U.S. considered off limits to cyberattacks.
The alert doesn’t name specific companies that were targeted but broadly said the entities support the Department of Defense, the Army, Air Force, Navy and Space Force.
The notice also mentioned that the companies support contracts for a variety of services like weapons and missile development, vehicle and aircraft design, as well as intelligence, surveillance, reconnaissance and targeting.
The intelligence community said the hackers used a variety of tactics to gain access to cloud networks, mainly focusing on Microsoft 365.
In cases where the hackers obtained access, the FBI, NSA and CISA observed “regular and recurring exfiltration of emails and data.”
For instance, in one hack in 2021, actors were able to get “hundreds” of documents related to a company’s products, relationships with other countries and internal personnel and legal matters.