Key Defense Supplier Hit by Ransomware

A supplier to a number of major defense companies — including Lockheed Martin, Boeing, General Dynamics, and SpaceX — is the target of a ransomware attack. Documents purportedly stolen from Denver-based Visser Precision Manufacturing are already showing up online, according to Emsisoft, the cybersecurity company that made the attack public.

It’s a textbook example of a type of cyber attack the Pentagon is trying to prevent: going after a defense supplier that holds sensitive data yet is small enough to lack sophisticated cyber defenses.

DoppelPaymer, the ransomware used in the alleged attack, typically steals data before encrypting it on the victim’s computer, said Brett Callow, a threat analyst for Emsisoft. In February, the group running the DoppelPaymer malware set up a website for exposing files belonging to its victims, Callow said. 

“The actor has been active since the middle of last year, but has only started publishing data [stolen in the attack] in the last few days,” Callow said in an email to Defense One. 

Officials with Visser, whose website says it makes “precision parts for success in major industries, from the racetrack to outer space,” confirmed to TechCrunch that it was a victim of “criminal cybersecurity incident” and had data stolen, but now its “business is operating normally.”

The group’s recent victims appear also to include Pemex, an oil company owned by the Mexican government; and Citrix, a French telecom company, according to cybersecurity company FireEye. In the Citrix hack, attackers used a vulnerability published to the National Vulnerabilities Database. But Callow said he didn’t know the attack vector in the attack on Visser.

Among its customers is Lockheed Martin, for its missiles.

In an emailed statement, Lockheed spokesman Dean Acosta said, “We are aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain.” 

Acosta added, “Lockheed Martin has made and continues to make significant investments in cybersecurity, and uses industry-leading information security practices to protect sensitive information. This includes providing guidance to our suppliers, when appropriate, to assist them in enhancing their cybersecurity posture.”

In January, the Pentagon rolled out a plan for new cybersecurity standards for its suppliers.

“Both our National Security Strategy and National Defense Strategy rightly underscore the importance of defending against cyber attacks, which offer adversaries low-cost and deniable opportunities to seriously damage or disrupt critical infrastructure and capability,” Ellen Lord, defense undersecretary for acquisition and sustainment, told reporters on Jan. 31.

DoppelPaymer is a group of criminal hackers with no known connection to a specific state. The group apparently splintered from an older hacker group named INDRIK SPIDER, and uses a version of its Big Game Hunting malware, cybersecurity company CrowdStrike reported last July.

CrowdStrike also noted that the ransomware has some overlap with software created by Evgeniy Mikhailovich Bogachev, an infamous, FBI-wanted Russian hacker with ties to the Russian government.

Callow has not examined all of Visser’s files to see if they include classified or sensitive information. 

“The big question, though, is: What else did they get?” he said. “The [hacker group’s] website ... indicates they have more data than has currently been posted and plan to publish it in instalments.”