Security News

State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. Compromised entities include contractors that dabble in command, control, communications, and combat systems; surveillance and reconnaissance; weapons and missile development; vehicle and aircraft design; and software development, data analytics, and logistics.

A two-year campaign by state-sponsored Russian entities to siphon information from US defense contractors worked, it is claimed. CISA's announcement and an accompanying report [PDF] state that it, the FBI, and the NSA have all spotted "Regular targeting" of contractors that serve the US Department of Defense, intelligence agencies, and all branches of the US military other than the Coast Guard.

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities. Since January 2020, Russian hacking groups have breached multiple CDC networks and, in some cases, have maintained persistence for at least six months, regularly exfiltrating hundreds of documents, emails, and other data.

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities. Since January 2020, Russian hacking groups have breached multiple CDC networks and, in some cases, have maintained persistence for at least six months, regularly exfiltrating hundreds of documents, emails, and other data.

Researchers discover common threat actor behind aviation and defense malware campaigns. Security researchers at Proofpoint have announced their discovery of a common threat actor behind attacks reported by Cisco Talos, Microsoft and others, and they say that the group has been active since at least 2017.

Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans on compromised systems. The use of commodity malware such as AsyncRAT and NetWire, among others, has led enterprise security firm Proofpoint to a "Cybercriminal threat actor" codenamed TA2541 that employs "Broad targeting with high volume messages." The ultimate objective of the intrusions is unknown as yet.

Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats, that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection.

The Federal Bureau of Investigation has released technical details and indicators of compromise associated with LockBit ransomware attacks in a new flash alert published this Friday. Two years later, in June 2021, LockBit announced the LockBit 2.0 RaaS on their data leak site after ransomware actors were banned from posting on cybercrime forums [1, 2]. With the relaunch, the ransomware gang redesigned Tor sites and overhauled the malware, adding more advanced features, including the automatic encryption of devices across Windows domains via Active Directory group policies.

Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. Trellix attributed the attacks with moderate confidence to the Russia-based APT28 group, the threat actor behind the compromise of SolarWinds in 2020, based on similarities in the source code as well as in the attack indicators and geopolitical objectives.

One of the most valuable steps an organization can take is to establish a cyber-threat profile, which is a deep-dive look at your organization's adversaries, vulnerabilities and risk. The creation of a cyber-threat profile should be based on intelligence and due diligence and should be used to drive action for the other cyber-defense functions.