"New Cybersecurity Advisory: Protecting Cleared Defense Contractor Networks Against Russian Hackers"
The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint Cybersecurity Advisory titled, "Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive US Defense Information and Technology." Within the last two years, Cleared Defense Contractors (CDCs) that support the US Army, US Air Force, US Navy, US Space Force, and Intelligence Community programs have been compromised. Both large and small CDCs and subcontractors supporting various defense industries have been targeted in attacks aimed at stealing unclassified proprietary and export-controlled information such as weapons development, communications infrastructure, technological and scientific research, and more. The agencies' advisory highlights the activities and tactics used by the Russian state-sponsored cyber actors, including brute force attacks, spearphishing attacks involving emails with links to malicious domains, and the use of harvested credentials together with known vulnerabilities to escalate privileges. The advisory urges all CDCs to investigate suspicious activity within their enterprise and cloud environments. All CDCs, regardless of whether or not they have evidence of compromise, are encouraged to apply the recommended mitigations to reduce the risk of compromise. These actions include implementing multifactor authentication, enforcing strong password creation, ensuring that all software is updated, enabling M365 Unified Audit Logs, and implementing endpoint detection and response tools. This article continues to discuss the new joint cybersecurity advisory from the FBI, NSA, and CISA on protecting CDCs from Russian hackers.