CISA Alert AA22-047A – Russian state-sponsored cyber actors target cleared defense contractor networks to obtain sensitive US defense information and technology.

CISA, the FBI, and NSA have observed Russian state-sponsored cyber actors regularly target US cleared defense contractors from at least January 2020 through February 2022. The actors have targeted both large and small defense contractors and subcontractors with varying levels of cybersecurity protocols and resources. These defense contractors support contracts for the US Department of Defense (DoD) and Intelligence Community in command, control, communications, and combat systems; intelligence, surveillance, reconnaissance, and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers, and logistics. 

AA22-047A Alert, Technical Details, and Mitigations

Russia Cyber Threat Overview and Advisories

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.