Google warns of state-sponsored cyberattacks targeting defense sector employees

Google in a recently released report has warned of a surge in state-sponsored cyber attacks and espionage campaigns against defense companies.

According to the report, the US and EU have suffered "relentless barrage of cyber operations” mostly waged by the hostile state-backed groups.

Instead of targeting the global defense sector, the hackers have tended to adopt “direct-to-individual” targeting of employees, as suggested by Google’s threat intelligence group Luke McNamara.

They increasingly target employees on their personal devices and home networks. It is no mistake to say that attacks are no longer generic, moving past corporate servers and attacking “personal lives and psychological profiles of employees.”

For instance, a group linked to China APT5 has used data about an employee’s children, geographical location or local elections to send highly tailored phishing emails.

Similarly Russia has developed a specific method to compromise encrypted messaging apps like Signal and Telegram, targeting Ukrainian military personnel, public officials and journalists.

In a recent attack by a group linked to Russia, the hackers tried to steal worthy information by spoofing the websites related to defence contractors from the UK, the US, Germany, France, Sweden, Norway, Ukraine, Turkey, and South Korea.

“It’s harder to detect these threats when it’s happening on an employee’s personal system, right? It’s outside a corporate network. The whole personnel piece has become one of the major themes,” McNamara said.

Other groups have exploited loopholes in hiring processes of large companies. For example, North Korean and Iranian groups used spoofed job portals, AI tools and fake job offers to steal corporate credentials and secrets and “identify potential targets for initial compromise”.

According to the US Justice Department, North Korean operatives successfully secured "remote IT worker" positions at over 100 US companies to funnel salaries back to their government.

Dr Ilona Khmeleva, the secretary of the Economic Security Council of Ukraine, said, “Employees of foreign companies, contractors, engineers, and consultants involved in Ukraine-related projects may also become targets, making this a transnational security issue, not a purely national one.”