- A Feb. 10 report by Google Threat Intelligence warns that the U.S. defense industrial base is facing sustained cyberattacks from China, Russia and North Korea, with China-linked actors posing the most active threat.
- Chinese cyber-espionage groups have targeted more defense and aerospace organizations over the past two years than any other state-backed actors, often exploiting network edge devices and using ORB networks to evade detection.
- A China-linked group known as UNC2970 has impersonated corporate recruiters and used Gemini to gather open-source intelligence and profile high-value defense targets.
- Russian-linked hackers have focused on defense contractors supporting drone and unmanned aircraft systems tied to the war in Ukraine, while North Korean operatives have infiltrated firms by posing as IT workers, in some cases stealing sensitive AI-related data.
- Experts warn the defense sector is under "constant siege," urging organizations to shift from reactive cybersecurity to proactive threat hunting and resilient network architecture to safeguard emerging military technologies.
A new analysis warns that the U.S. defense industrial base has faced sustained cyberattacks in recent months from state-linked groups and criminal organizations connected to China, Russia and North Korea.
The report, issued Feb. 10 by Google Threat Intelligence, examined activity targeting the vast network of public and private entities responsible for developing and maintaining U.S. military weapons systems. Researchers found that China-linked actors remain the most active threat by volume.
According to the findings, China-linked cyber espionage operations have directly targeted more defense and aerospace organizations over the past two years than any other state-sponsored actors. These groups have used a broad range of tactics, but researchers said a recurring pattern has been the exploitation of edge devices, hardware components positioned at the outer boundaries of networks, to gain initial access.
Google also reported observing China-affiliated groups leveraging ORB networks to conduct reconnaissance against defense industrial targets, a technique that can complicate detection and attribution efforts.
One Chinese-linked organization identified as UNC2970 has frequently targeted defense companies by impersonating corporate recruiters as part of its hacking campaigns. In some cases, the group used Google's own artificial intelligence tool, Gemini, to conduct open-source intelligence gathering. The report revealed that the tool was used to profile high-value targets and search for relevant information on defense and cybersecurity firms to support campaign planning.