The Department of Homeland Security used a Lockheed Martin-built cybersecurity framework to evaluate cyber attacks that state-sponsored Russian hackers carried out against U.S. critical infrastructure sectors.
Lockheed’s Cyber Kill Chain framework provided information on the attackers’ activities, including reconnaissance, weaponization, delivery, exploitation, installation, command and control and actions on objectives, DHS’ U.S. Computer Emergency Readiness Team said March 15 in a technical alert.
U.S. CERT added that the actors conducted a multi-stage intrusion campaign against U.S. government entities and organizations in the energy, nuclear, commercial facilities, water, aviation and manufacturing sectors as early as March 2016.
DHS collaborated with the FBI to create the technical alert, which is meant to help network defenders identify and minimize exposure to cyber attacks.
Hackers initially targeted “peripheral organizations” including third-party suppliers with vulnerable networks to gain access to the systems of their intended victims.
Threat actors used various measures such as spear-phishing emails from hacked legitimate accounts; watering-hole domains; credential gathering; open-source and network reconnaissance; host-based exploitation; and attacks against industrial control systems.
DHS and the FBI recommended multiple detection and prevention measures that could help network users and administrators mitigate malicious activity.