Russian hackers managed to trick a whopping 40 percent of 87 American "key" defense contractors into clicking on fake, malicious links sent to them via email. This exposure could have then potentially led to the theft of classified information, a new investigation by the Associated Press has revealed. The report suggests that Russian hackers "clearly exploited a national vulnerability in cybersecurity: poorly protected email and barely any direct notification to victims".
However, what exactly was stolen - if anything was - remains unclear. The attackers behind this campaign against defense contractors belong to the notorious Russian hacking group known as Fancy Bear, APT28, STRONTIUM, and Tsar Team. The group is known in the cybersecurity industry for being affiliated with the Russian military intelligence agency, GRU.
The group is also popular for constantly trying to target government and military personnel in the United States and has been associated with the attacks on the Democratic National Committee ahead of the 2016 US elections. However, the latest investigation won't surprise anyone following the cybersecurity stories in the past couple of years since both the US and the Russian agencies are always on the lookout for vulnerabilities and backdoors to target critical systems and/or government personnel.
No, it's not just "stupid" people who fall for phishing attacks regardless of what many like to believe
While it's become a common practice for security agencies to target each other, what may surprise many is the ease with which defense contractors were fooled. The uproar before, during and after the 2016 US Presidential election about the lack of proper security practices at the government and military level might have resulted in some change. However, this particular investigation focuses on attacks that happened until May 2016 and reveals a staggering number of workers employed in highly sensitive organizations fell for simple phishing tricks.
The AP identified the defense and security targets from about 19,000 lines of email phishing data created by hackers and collected by the U.S.-based cybersecurity company Secureworks, which calls the hackers Iron Twilight. The data is partial and extends only from March 2015 to May 2016. Of 87 scientists, engineers, managers and others, 31 agreed to be interviewed by the AP.
Most of the targets' work was classified. Yet as many as 40 percent of them clicked on the hackers' phishing links, the AP analysis indicates. That was the first step in potentially opening their personal email accounts or computer files to data theft by the digital spies.
It appears that even those working for sensitive organizations continue to fall for social engineering campaigns that many in the tech industry like to believe can only trick common users.
"I clicked on it and instantly knew that I had been had," one retired Air Force major general said about an email that looked like a Google security alert but was actually sent by the Russian hackers. In this case, the General realized his mistake before entering his credentials, saving any exposure.
Russian hackers focused on people working on militarized drones, missiles...
This particular campaign by Fancy Bear focused on people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms, and other sensitive activities. AP reports that these targeted 87 people were working at "both small companies and defense giants like Lockheed Martin Corp., Raytheon Co., Boeing Co., Airbus Group and General Atomics," while some also worked for trade groups or were on corporate boards.
"The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies," Charles Sowell, a former senior adviser to the US Office of the Director of National Intelligence (DNI) and a target of this campaign, told the publication.
"And if those programs are compromised in any way, then our competitive advantage and our defense is compromised.
That's what's really scary"
AP report suggests that the Russian cyberspies appeared to be specifically interested in stealing drone technology, adding that "Russia has nothing that compares with the new-generation U.S. Reaper, which has been called 'the most feared' US drone". Adding to this fear, drone consultant Keven Gambold who was another target of this campaign said that the espionage could help Russia catch up with the Americans. "This would allow them to leapfrog years of hard-won experience."
It is unclear if this particular hacking and espionage campaign helped the Kremlin, but the same report claims that the country has been making some significant advancements in the industry, with the Russian Deputy Prime Minister Dmitry Rogozin boasting in 2017 that the technological gap between Russia and the US "has been sharply reduced and will be completely eliminated in the near future".