For at least two years spanning from January 2020 through February 2022, Russian state-sponsored threat actors targeted American cleared defense contractors (CDCs) to acquire and exfiltrate sensitive data and export-controlled technology. These CDCs were contracted by the Department of Defense (DoD) and the U.S. Intelligence Community in areas including command and control, intelligence, surveillance, and weapon development. Threat actors used brute force techniques to collect credentials and sent spear-phishing emails embedded with malicious links.