
U.S. Military and Defense Contractors Affected by Infostealer Malware.
Lockheed Martin and Boeing are among the companies affected.
Recent information reveals that military agencies and defense contractors in the United States have been infected with infostealer malware, which allows criminals to steal credentials and confidential information from official devices. A report has indicated that for prices as low as $10 per computer, criminals can acquire stolen data from employees working in classified defense and military sectors.
An infostealer is a type of malware that has become a fundamental tool for cybercriminals. As its name suggests, this type of malicious software collects sensitive information stored on victims' devices, typically for fraud or extortion purposes. In this case, the stolen data is potentially confidential and could affect national security.
Investigations have pointed out that employees of six contractors, including Lockheed Martin, BAE Systems, Boeing, Honeywell, L3Harris, and Leidos, have been victims of such attacks. These companies are responsible for developing advanced military technology, including warships and F-35 fighter jets. Lockheed Martin received contracts worth $5.1 billion from the Department of Defense in 2024.
The total number of exposed third-party corporate credentials amounts to 472, affecting companies like Cisco, SAP, and Microsoft. The growing interdependence among businesses, organizations, and government departments has facilitated attacks through supply chain vendors. An example of the risk was observed in a breach of Honeywell's infrastructure, where 398 infected employees and 18,527 compromised users were identified over time, highlighting how critical a single breach can be.
In addition to contractors, infections were also identified in systems of the U.S. Army, Navy, FBI, and Government Accountability Office (GAO). In these cases, local authentication data was found, suggesting that an adversary could move laterally within military systems.
Third-party data breaches represent a significant concern in terms of security. A recent analysis indicates that 98% of European companies experienced a breach related to third parties in the past year. In 2024, the U.S. Department of the Treasury declared a "major incident" after suffering a breach through a vendor, underscoring the real dangers presented by these threats to national security.
The report emphasizes the severity of the situation by stating that if infostealers can compromise companies like Lockheed, Boeing, the U.S. Army, and the FBI, they have the capability to infiltrate any organization. The most common infostealers include Lumma Stealer, Vidar, RedLine, and Medusa, which are capable of exfiltrating data in less than a minute.
To protect themselves, organizations and their employees need to maintain good cyber hygiene practices. Most of these threats rely on human error, such as downloading infected files or bypassing security measures. Awareness and vigilance are the best defenses. It is advisable not to click on suspicious links, to avoid unverified sites, and, if working in sensitive industries, to limit device use to strictly official purposes.
Using proper malware removal software and implementing strong, unique passwords are vital steps for information protection. Additionally, organizations should conduct regular cybersecurity training sessions to educate their employees about the risks and severity of security breaches.
Evaluating the security posture of software providers and vendors can prevent critical breaches, considering that these can cost millions of dollars and cause significant damage to an organization's reputation.