US Agencies Say Russian Hackers Compromised Defense Contractors

Hackers backed by the Russian government have breached the networks of multiple US defense contractors in a sustained campaign that has revealed sensitive information about US weapons-development communications infrastructure, the federal government said on Wednesday. Wired reports: The campaign began no later than January 2020 and has continued through this month, according to a joint advisory by the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency. The hackers have been targeting and successfully hacking cleared defense contractors, or CDCs, which support contracts for the US Department of Defense and intelligence community. "During this two-year period, these actors have maintained persistent access to multiple CDC networks, in some cases for at least six months," officials wrote in the advisory. "In instances when the actors have successfully obtained access, the FBI, NSA, and CISA have noted regular and recurring exfiltration of emails and data. For example, during a compromise in 2021, threat actors exfiltrated hundreds of documents related to the company's products, relationships with other countries, and internal personnel and legal matters."

The exfiltrated documents included unclassified CDC-proprietary and export-controlled information. This information gives the Russian government "significant insight" into US weapons-platforms development and deployment timelines, plans for communications infrastructure, and specific technologies being used by the US government and military. The documents also include unclassified emails among employees and their government customers discussing proprietary details about technological and scientific research.

The hackers have used a variety of methods to breach their targets. The methods include harvesting network passwords through spear phishing, data breaches, cracking techniques, and exploitation of unpatched software vulnerabilities. After gaining a toehold in a targeted network, the threat actors escalate their system rights by mapping the Active Directory and connecting to domain controllers. From there, they're able to exfiltrate credentials for all other accounts and create new accounts. The hackers make use of virtual private servers to encrypt their communications and hide their identities, the advisory added. They also use "small office and home office (SOHO) devices, as operational nodes to evade detection."

Re:Please tell me that this is just a nightmare...

[splutty]

The only thing you need to do to get answers to these questions you keep asking in every post ever made, is to stick your dick in a wall socket.

Re: Please tell me that this is just a nightmare..

[djp2204]

How dare you assume gender!

Re:

[nightflameauto]

I love that this comment as a response to the internet Whiner gets a +5, Informative rating.

Re: Please tell me that this is just a nightmare..

[Anonymouse Cowtard]

there isn't enough room here to go into details And yet you paste swatstickers that go on and on for pages. Anyway, I appreciate you adding to/updating your posts with fresh, new content. Future cyber archaeologists will trawl your posts for the moment of singularity and your memes will live forever in their own section on archive.org

I wonder how many more times

[iamnotx0r]

Are the defense contractors unable to defend.

This is like monthly news for the last 10 years.

Lol.

Re:

[BardBollocks]

gotta keep the new cold war booga booga going.

when your domestic spy and intelligence agencies hoard vulnerabilities so they can spy on you and I with malware injection systems they seem to ignore that they make all of us less safe.

Honestly, without the public being able to audit hardware and software, we're going to keep on getting screwed.

Re:

[Anonymous Coward]

Honestly, without the public being able to audit hardware, software and elections, we're going to keep on getting screwed.

FTFY.

--
Who's the worse tyrant: Trudeau or Biden?

Re:

[geekmux]

I wonder how long we'll pretend "defense contractor" makes Active Directory vulnerabilities go away. Or magically makes dumb users, less dumb.

It doesn't. Not even a little bit.

And no, NIST 800-171 didn't change a damn thing, even after years of being "implemented", because no one took it seriously. Not even the government. And without actual punishments for cybersecurity non-compliance, CMMC won't change a damn thing either.

Hacking has been reduced to nothing but the cost of doing business. No one want

Alternative to AD?

[david.emery]

What's the alternative to Microsoft Active Directory for a large enterprise? And what is the track record of competing products? I'm not defending AD, quite the opposite. I suspect it's a major widespread vulnerability. BUT I don't know if there are better alternatives out there. Nor do I understand the role of something like AD in a 'zero trust' context.

Re:

[Greeneland]

The article said they used Active Directory to map resources. You could also find resources looking at DNS servers. There are numerous ways to do this using various resources that store names of other resources. If you replace them, how will you prevent access to your new 'thing' considering that they obtained the credentials needed to access these current things first.

The user falling for the phishing attack is likely the biggest unsolved problem. Unpatched servers is solvable.

Re:Alternative to AD?

[splutty]

The only realistic option is to simply not run a Windows based network.

But even then, AD isn't exactly the problem, the people using it are.

Almost all these attacks aren't based on some hidden 0-day vulnerability, but on levels of social engineering, or using faulty configs, infected computers, etc, etc.

Re:

[_merlin]

Even if you don't run Windows, what's a better directory service? Last time I checked, which is admittedly eight years ago now, there just wasn't any real competition for it, even with Linux clients. Everything else had less functionality and was more of a pain to use.

Re:

[Areyoukiddingme]

Even if you don't run Windows, what's a better directory service?

LDAP still exists and is quite usable. Can't say that it's "better" in every metric, but it's at least different, and it's certainly less vulnerable than Microsoft's usual dreck.

Re:

[_merlin]

LDAP still exists and is quite usable.

That's not actually answering the question. If someone asks for an alternative to Exchange Server, and you say, "SMTP still exists," you haven't answered the question. (I use postfix for SMTP, dovecot for serving mailboxes, running rules etc. and Horde on Apache to provide webmail, serve CardDAV/CalDAV and so on. It works, but it's still a pain to do shared mailboxes, editable shared calendars, meeting scheduling, and so on.)

What's an alternative LDAP/Kerberos system

Re:

[Anonymous Coward]

Right, except most of the severe vulnerabilities of the last decade haven't been in Windows, they've been in 3rd party software, including, quite prominently, open source software, so to suggest it's a Windows problem is both naive, and misleading for anyone who wants to understand where the security risks are. Simply allowing people to blame Windows when it's not the issue will leave people ignorant to where the issue actually is.

Like it or not, the worst infiltrations of recent years have had nothing to d

Re:

[splutty]

I agree with most of your ranty diatribe, even if it had nothing to do with my comment :)

I never advocated for moving away from Windows, but the only realistic way to not use AD is to not use Windows.

Re:

[Narcocide]

Well, there's OpenLDAP but I couldn't speak for whether it's any more secure standing in for Active Directory. It's cheaper anyway.

Time for the punishment

[Powercntrl]

No, not for the Russian hackers, this one is for the idiots in charge of IT at the affected defense contractors.

Grab some chalk and start writing. [imgur.com]

brute force, spearphishing, vulnerabilites

[awwshit]

Defense contractors have to meet all kinds of government mandated cybersecurity requirements. Including things like mandating FIPS certified encryption. It is these mandated items that are the main vector for access. I can implement a better VPN but I'm not allowed to do so. It is easy to point at the contractors but the government does this to itself through ridiculous requirements. Why do you require me to use known vulnerable things?

Re:

[jacks smirking reven]

Cover your ass liability. If you let companies make those calls next year they will say "New Whizzbang VPN will save us 10% next year", then they use it and maybe it's got big unknown exploits or they don't config it properly because it's new. They get hacked and there was no standards, or even with a lot of stuff you also need maximum and specific standards as much as minimums.

Now that doesnt mean the government reuqires are ideal or are probably kept up to date as quickly as they should,and some are pro

Re:

[awwshit]

There is a process for making your case and asking for an exception. I could make a case and it would be denied. I'm not talking about cost saving or using the shiniest new thing. I'm talking about making a real security effort and doing the right things, with documentation, access controls, configuration controls, etc. We already have policies and processes in place for documentation, change control, audits, etc. Exactly zero requests for exceptions are approved. Pretty much NIST dictates everything,

Should have hired me instead.

[Narcocide]

Assholes.

Reinhard Gehlen Quote

[Hari Pota]

Reinhard Gehlen was one of the best intel chiefs of all time, Hitler should have listened to him instead of mocking him. He wrote..

"In American Intelligence Offices 'secret' means known to all, 'top secret' only to people who ask, and 'cosmic' known only to the opposition."

Re:

[mcswell]

What did he have to say about the German information encrypted with Enigma? Even if he didn't know about (or possibly even suspect) its decryption by the Allies at the time, the Ultra Secret was published in 1973, and Gehlen died in 1979--so he must have found out.

Re:

[Hari Pota]

I dont recall how he excused that its been ten years since i read his autobiography. of course he knew when he was head of intelligence for west germany -- after all the us took him in -- i just like to bring him up to piss off the gru putin fan boys if there are any.. its surprising the japanese nor germans seemed to suspect. Hitler was too high on cocaine and strychnine anyway.

Tulsi Gabbard

[RoccamOccam]

The Durham Report is the discovery that Hillary Clinton had paid for spying on the Trump campaign and later on, inside the office during Trump’s presidency. The report shows that the Russian collusion narrative used by Democrats that was generated against Donald Trump was, in fact, all a bald-faced lie.

“What’s being revealed here, Jesse, is the truth,” said Tulsi Gabbard (former Democrat Congresswoman). “Hillary Clinton and the powerful elite in this country manufactured this

Re:

[gtall]

Durham Report has been debunked by Durham (from the NYT):

        "The special counsel implicitly acknowledged that White House internet data he discussed, which conservative outlets have portrayed as proof of spying on the Trump White House, came from the Obama era."

https://www.nytimes.com/2022/0... [nytimes.com]

Do try to keep up.

Re:

[RoccamOccam]

Try to keep up with what? A laughably transparent spin from the New York Times where the reporter's lead sentence is telling us what was implied? What a complete and utter failure of journalistic standards. Where are the quotes from Durham that say what the "reporter" is inferring? I certainly don't see anything remotely similar to that.

In the past, journalists would report what was said. If they wanted to balance the article, they would would get quotes from named sources. Eventually this devolved to

Facts Machine

[Anonymous Coward]

The Russians also shot down a civilian airliner (MH17) in 2014.

Becha it's a false flag operation

[Wizardess]

China's CCP run PLA has more reason to hack the US than Russia. Russia has creative people of its own. The CCP operates in conditions that do not breed creative thought processes. They can copy well. They cannot create as a general rule. And their national exam breeds an anti-teamwork ethos into all Chinese.

{^_^}

Re:

[AmiMoJo]

Maybe it's a false-false flag operation, it was Russia but they put out propaganda telling people it was a Chinese false-flag op. Hey, maybe you are a Russian bot!

Seriously though, operating on the assumption that Chinese people are not creative and can't work in teams is why they are getting ahead on R&D now, e.g. 5G and newer WiFi standards, or EV batteries. Chinese built Teslas have better batteries than the US built ones.