Google says state-sponsored hackers are increasingly targeting defense companies
What's the story
A recent report by Google has revealed that state-sponsored cyber-espionage campaigns are increasingly targeting defense companies, their hiring processes, and employees. The study highlights a "relentless barrage of cyber operations," mainly from state-sponsored groups, against the industrial supply chains in the EU and US. The scope of these attacks has expanded to include a wider range of targets within the industrial base of both regions.
Targeted attacks
Personalized attacks on individuals
Luke McNamara, an analyst with Google's threat intelligence group, has observed a rise in "personalized" and "direct to individual" targeting of employees. He said these threats are harder to detect when they occur on an employee's personal system outside a corporate network. The report also highlights an increase in extortion attacks against smaller companies not directly involved in the defense supply chain.
Broad targeting
Russian intelligence's broad attack strategy
A recent attack by a group linked to Russian intelligence shows just how broad the targeting has become. The hackers tried to steal information by impersonating the websites of hundreds of leading defense contractors from countries like the UK, US, Germany, France, Sweden, Norway, Ukraine, Turkey, and South Korea. Russia has also developed specific hacks for compromising the Signal and Telegram accounts of Ukrainian military personnel as well as journalists and public officials.
Individualized attacks
Individualized cyberattacks on defense personnel
Dr. Ilona Khmeleva, Secretary of the Economic Security Council of Ukraine, has revealed that many cyberattacks against Ukrainian military personnel were individualized. Some potential targets were monitored for weeks before an attack. Ukrainian authorities have clocked a 37% increase in cyber incidents from 2024 to 2025, highlighting the growing threat of these attacks on defense sector employees.
Recruitment ruse
North Korean hackers impersonating corporate recruiters
North Korean hackers have been impersonating corporate recruiters in campaigns against leading defense contractors. They use AI to extensively profile employees, their roles, and potential salaries to "identify potential targets for initial compromise." These campaigns have been very successful; last summer, the US Justice Department found that North Koreans had secured jobs as "remote IT workers" at over 100 US companies.
Scams
Iranian and Chinese hacker groups also exploiting vulnerabilities
Iranian state-sponsored groups have also been using spoofed job portals and fake job offers to obtain the credentials of defense firms and drone companies. Meanwhile, APT5, a China-linked group, has targeted workers at aerospace and defense companies with emails and messages that are tailored to their geographical location, personal life, and professional roles. This includes fake communications from organizations such as the Boy Scouts of America or nearby secondary schools for parents of young children.