Russian hackers affiliated with GRU took aim at 87 employees working for defense contractors, code shows.
Russian hackers affiliated with GRU took aim at 87 employees working for defense contractors, code shows.

Russian hacking group Fancy Bear, whose interference in the U.S. presidential election set off a firestorm of concern in the security, defense and intelligence communities, has actively exploited weakspots in the email systems of defense contract workers to access top secret information on U.S. defense technology, including drones.

Just as they did with former Hillary Clinton Campaign Manager John Podesta and members of the Democratic National Committee (DNC) as well as other organizations and persons affiliated with the Democrats, Fancy Bear tricked employees at companies like Boeing, Lockheed Martin, General Atomics, Raytheon Co., and Airbus Group into handing over their credentials, the Associated Press (AP) found after reviewing 19,000 lines of email phishing data from Secureworks that had been generated by the hackers and after interviewing 31 of the 87 attack targets.

“The programs that they appear to target and the people who work on those programs are some of the most forward-leaning, advanced technologies,” the AP quoted former Director of National Intelligence (DNI) Senior Adviser Charles Sowell, who reviewed the list of names for the AP. “And if those programs are compromised in any way, then our competitive advantage and our defense is compromised.” 

Noting that “employees working on sensitive projects like militarized drones, rockets, missiles, etc. should expect to be targeted by nation-state level attackers,” Obsidian Security CTO and Co-founder Ben Johnson said “the fact that Fancy Bear is targeting personal Gmail accounts highlights how the security perimeter has dissolved.”

It's clear that “hackers aren't trying to bust open networks,” but rather are “stealing identities, which is a much easier proposition,” Johnson said. “It's now incumbent upon the user to defend the organization, and the security team has to create the equivalent of cyber bodyguards to help them.”