With threat actors aiming at every industry, the defense sector is becoming a target of choice among both individual cyberattackers and state-sponsored threat groups.
A bagful of tricks
- Hackers are approaching victims through social engineering, impersonation, and watering hole attacks on target websites. In watering hole attacks, threat actors plant a malicious link on a compromised domain, delivering info-stealer malware via social media platforms.
- The oldest trick in the cybercriminals' book is sending spearphishing emails. Attackers send fraudulent messages carrying malicious Microsoft Office documents with embedded macros that deploy their main payload.
- Attackers are employing backdoors capable of maintaining persistence on infected systems, listing and exfiltrating critical files, scouring drives, terminating system processes, deleting content, and executing arbitrary code.
Some recent attacks on the defense sector
APT groups remain at the forefront of cyberattacks in search of information that can provide a military and economic edge to their sponsoring governments.
- Reportedly, an Iranian APT group named Charming Kitten was found impersonating journalists on WhatsApp and LinkedIn to launch sophisticated phishing attacks against the government, diplomacy, defense, and military sectors.
- Focused on surveillance and spying, the Transparent Tribe APT group revealed a new tool designed to infect USB devices in espionage campaigns against government and military personnel in India and Afghanistan.
- According to CISA, BLINDINGCAN malware was deployed in attacks against U.S. and foreign companies operating in the aerospace, military, and defense sectors. The agency attributed the attacks to cyberespionage campaigns tracked as Operation Dream Job and Operation North Star, launched by the North Korean APT group Lazarus.
- Known to attack diplomatic and infrastructure companies, CactusPete APT has started a campaign targeting military and financial organizations across Eastern Europe with a new Bisonal backdoor variant.
With the growing dependency of defense organizations on online infrastructure, the sophistication of cyberattacks is on the rise. Consequently, the defense sector is striving to adopt robust cybersecurity solutions and strategies to protect its environment against cyberattacks from both state-backed and non-state threat groups.