Security News > 2022 > February > Russia 'stole US defense data' from IT systems
A two-year campaign by state-sponsored Russian entities to siphon information from US defense contractors worked, it is claimed.
CISA's announcement and an accompanying report [PDF] state that it, the FBI, and the NSA have all spotted "Regular targeting" of contractors that serve the US Department of Defense, intelligence agencies, and all branches of the US military other than the Coast Guard.
Whoever broke into the US defense contractors' systems did not use novel tactics, it is said.
Obtaining legitimate M365 credentials appears to have been the jackpot for the intruders, who used them to maintain a presence inside defense contractors for months at a time.
CISA's response is a long list of security controls and practices it wants defense contractors to observe, some of which - such as an exhortation to "Initiate a software and patch management program" - surely cannot be news to any competent manager, governance officer, or IT professional, never mind someone working in such roles at a defense contractor.
Whether US defense and intelligence organisations are also reviewing their trust relationships with suppliers that did not perform basic infosec hygiene is not discussed in the document.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/17/cisa_russian_attacks/