This post is also available in:
עברית (Hebrew)
A new report by Israeli cybersecurity firm Hudson Rock has revealed that infostealer malware is infiltrating the U.S. military and defense contractors, posing a grave threat to national security. Despite the large sums of money invested in advanced cybersecurity measures, the malware has managed to compromise hundreds of computers within the Army, Navy, FBI, and major defense contractors like Lockheed Martin, Boeing, and Honeywell.
Hudson Rock’s findings show that nearly 400 Honeywell employees have fallen victim to infostealers, with dozens of workers from other prominent companies like Boeing, Lockheed Martin, and Leidos also infected.
Hudson Rock’s report highlighted that the malware exfiltrated critical information, including login credentials, email access, and classified procurement data. Over 470 third-party corporate credentials, including those for Microsoft, Cisco, and SAP, have also been exposed, increasing the threat of further breaches.
The infostealers work by waiting for users to unknowingly download malicious code, often disguised as pirated software or infected documents. Once activated, the malware silently collects a range of data, such as session cookies, email logins, development tools, and even autofill information. In one example, browser history and outlook and confluence credentials were stolen from Navy personnel’s systems. The stolen credentials end up on dark web marketplaces, where hackers can purchase them at shockingly low prices. Hudson Rock was able to find that a compromised computer containing sensitive military credentials was being sold for just $10.
The researchers raise critical concerns about the potential consequences if hostile nation-states gain access to such information. As the report asks, “How long would it take them to breach deeper into classified military systems?” With over 30 million devices infected in recent years, the threat of infostealers is growing, and their ability to compromise the defense industry should not be underestimated.
