Targeting of American defense contractors
Date of report
  • February 2022
Affiliations
  • Believed to be the work of Russia's government
For at least two years spanning from January 2020 through February 2022, Russian state-sponsored threat actors targeted American cleared defense contractors (CDCs) to acquire and exfiltrate sensitive data and export-controlled technology. These CDCs were contracted by the Department of Defense (DoD) and the U.S. Intelligence Community in areas including command and control, intelligence, surveillance, and weapon development. Threat actors used brute force techniques to collect credentials and sent spear-phishing emails embedded with malicious links. 
Suspected victims
  • American defense contractors
Suspected state sponsor
  • Russian Federation
Type of incident
  • Espionage
Target category
  • Government
  • Private sector
Victim government reaction
  • Yes
Policy response