A Russian hacking group known as Fancy Bear, thought to be associated with the Russian military intelligence agency GRU, has gained access to key defense contractors’ emails, reports the Associated Press.
It is uncertain exactly what was stolen during the breach, but the hackers have clearly exploited a national vulnerability in cyber security. Employees in companies ranging from small defense contractors to defense giants like Lockheed, Raytheon, Boeing, Airbus, and General Atomics were among those targeted.
The email accounts of employees of contractors working on military drones, missiles, rockets, stealth fighter jets, cloud-computing platforms and other sensitive areas were targeted by the group of hackers. The method employed to target the employees was a classic. They were sent a phishing email that claimed someone had stolen their email password. Other emails asked targets to “click here to reset your password” or to open a file shared by someone they may or may not know. These are basic attacks that all employees working on even the most basic of classified systems should be aware of, let alone those working on cutting-edge technologies.
“The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies,” said Charles Sowell, a former senior adviser to the U.S. Office of the Director of National Intelligence, who reviewed the list of names for the AP. “And if those programs are compromised in any way, then our competitive advantage and our defense is compromised.”
“That’s what’s really scary,” added Sowell, who was one of the hacking targets. […]
[…] The AP identified the defense and security targets from about 19,000 lines of email phishing data created by hackers and collected by the U.S.-based cybersecurity company Secureworks, which calls the hackers Iron Twilight. The data is partial and extends only from March 2015 to May 2016. Of 87 scientists, engineers, managers and others, 31 agreed to be interviewed by the AP.
Most of the targets’ work was classified. Yet as many as 40 percent of them clicked on the hackers’ phishing links, the AP analysis indicates. That was the first step in potentially opening their personal email accounts or computer files to data theft by the digital spies. […]
[…] Cybersecurity experts say it’s no surprise that spies go after less secure personal email as an opening to more protected systems. “For a good operator, it’s like hammering a wedge,” said Richard Ford, chief scientist at the Forcepoint cybersecurity company. “Private email is the soft target.”
Some officials were particularly upset by the failure to notify employees of cloud computing companies that handle data for intelligence agencies. The cloud is a “huge target for foreign intelligence services in general — they love to get into that shared environment,” said Sowell, the former adviser to the Office of the Director of National Intelligence.
“At some point, wouldn’t someone who’s responsible for the defense contractor base be aware of this and try to reach out?” he asked.
Even successful hacks might not translate into new weapons for Russia, where the economy is weighed down by corruption and international sanctions.
However, experts say Russia, while still behind the U.S., has been making more advanced drones in recent years. Russian officials have recently been bragging as their increasingly sophisticated drones are spotted over war zones in Ukraine and Syria. […]