Introduction
In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cyber operations conducted by state-sponsored actors and criminal groups alike. In recent years, Google Threat Intelligence Group (GTIG) has observed several distinct areas of focus in adversarial targeting of the defense industrial base (DIB). While not exhaustive of all actors and means, some of the more prominent themes in the landscape today include:
-
Consistent effort has been dedicated to targeting defense entities fielding technologies on the battlefield in the Russia-Ukraine War. As next-generation capabilities are being operationalized in this environment, Russia-nexus threat actors and hacktivists are seeking to compromise defense contractors alongside military assets and systems, with a focus on organizations involved with unmanned aircraft systems (UAS). This includes targeting defense companies directly, using themes mimicking their products and systems in intrusions against military organizations and personnel.
-
Across global defense and aerospace firms, the direct targeting of employees and exploitation of the hiring process has emerged as a key theme. From the North Korean IT worker threat, to the spoofing of recruitment portals by Iranian espionage actors, to the direct targeting of defense contractors’ personal emails, GTIG continues to observe a multifaceted threat landscape that centers around personnel, and often in a manner that evades traditional enterprise security visibility.
-
Among state-sponsored cyber espionage intrusions over the last two years analysed by GTIG, threat activity from China-nexus groups continues to represent by volume the most active threat to entities in the defense industrial base. While these intrusions continue to leverage an array of tactics, campaigns from actors such as UNC3886 and UNC5221 highlight how the targeting of edge devices and appliances as a means of initial access has increased as a tactic by China-nexus threat actors, and poses a significant risk to the defense and aerospace sector. In comparison to the Russia-nexus threats observed on the battlefield in Ukraine, these could support more preparatory access or R&D theft missions.
-
Lastly, contemporary national security strategy relies heavily on a secure supply chain. Since 2020, manufacturing has been the most represented sector across data leak sites (DLS) that GTIG tracks associated with ransomware and extortive activity. While dedicated defense and aerospace organizations represent a small fraction of similar activity, the broader manufacturing sector includes many companies that provide dual-use components for defense applications, and this statistic highlights the cyber risk the industrial base supply chain is exposed to. The ability to surge defense components in a wartime environment can be impacted, even when these intrusions are limited to IT networks. Additionally, the global resurgence of hacktivism, and actors carrying out hack and leak operations, DDoS attacks, or other forms of disruption, has impacted the defense industrial base.
Across these themes we see further areas of commonality. Many of the chief state-sponsors
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: