Googleβs GTIG warns the defense industrial base is under a constant, multi-vector siege from state-sponsored actors and criminal syndicates that aim to steal secrets, disrupt supply chains, and undermine national security. The report details attacks ranging from Russian groups targeting UAS and battlefield apps (e.g., APT44 using INFAMOUSCHISEL and TEMP.Vermin lures), to North Korean insider placements and Chinese exploitation of edge-device zero-days like those abused by UNC5221. #APT44 #INFAMOUSCHISEL
Keypoints
- The defense industrial base faces a sustained, multi-vector campaign by state and criminal actors.
- Russian groups focus on emerging technologies and battlefield tools, using lures and malware targeting UAS and personnel devices.
- North Korea uses recruited remote IT workers as insider threats to infiltrate contractors and funnel earnings to the regime.
- China-linked actors and groups like UNC5221 exploit edge-device zero-days to gain persistent access into supply-chain nodes.
- Pro-Russia and pro-Iran hacktivists conduct hack-and-leak and DDoS operations, prompting GTIG to urge defensive strategies beyond reactive measures.