Defense industries under attack by pro-Russia APTs. The numbers of attacks and data breaches confirm that the phenomenon is growing
International defense industries, particularly US companies linked to the supply chain, are at the center of a cyber offensive. It is now established. Some time ago, Defense and Security discussed it with Luca Mella, a Yoroi cybersecurity expert and creator of the DoubleExtortion platform. Using his platform, the researcher had detected at least 25 companies targeted by cybercrime with ransomware as of December 24, 2021, all of which had suffered double extortion attempts. The attacks, however, did not stop. On the contrary, there has been an escalation, so much so that on February 16, 2022 the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about Russia-linked actors targeting Cleared Defense Contractors (CDCs) of all sizes. The latest company to suffer a data breach was Mack Defense, which was hit by the Conti ransomware just a few days ago.
The crisis in Ukraine will worsen the scenario. Will we move from cyber espionage to cyber warfare?
The goal of cybercrime and Russia-linked APTs always seems to be the same: to steal information about the products and technologies of the target companies. Moreover, the crisis in Ukraine and the consequent skyrocketing tensions between Washington, NATO and the EU on one side and Moscow on the other will fuel this danger and widen it further. In the event of military escalation, there is a risk that the attacks will intensify further, shifting from cyber espionage operations to outright cyber warfare with a disabling or destructive purpose. This is why, on February 18, CISA's cybersecurity experts released a kind of handbook on how to prepare for and mitigate “foreign influence” operations against critical infrastructure.