Security News > 2022 > February > US says Russian state hackers breached cleared defense contractors

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities.
Since January 2020, Russian hacking groups have breached multiple CDC networks and, in some cases, have maintained persistence for at least six months, regularly exfiltrating hundreds of documents, emails, and other data.
"Compromised entities have included CDCs supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and DoD and Intelligence programs," the FBI, NSA, and CISA revealed in a joint advisory published today.
Last month, the three agencies also warned that Russian-backed hacking groups are targeting organizations from U.S. critical infrastructure sectors.
In July 2021, the U.S. government also announced a reward of up to $10 million through its Rewards for Justice program for information on malicious cyber activities coordinated by state hackers targeting critical infrastructure sectors.
"NSA encourages all U.S. cleared defense contractors - with or without evidence of compromise - to apply the mitigations in the advisory to reduce the risk of compromise by Russian state-sponsored cyber actors," the NSA added today.
News URL
Related news
- Suspected NATO, UN, US Army hacker arrested in Spain (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US (source)
- US defense contractor cops to sloppy security, settles after infosec lead blows whistle (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)