In October 2024, General Dynamics (GD), a prominent name in aerospace and defense, confirmed a data breach impacting employee benefits accounts. The breach, detected on October 10, affected 37 individuals, including two residents of Maine. Attackers accessed sensitive personal data and bank details, with some accounts experiencing unauthorized changes.
The incident originated from a phishing campaign targeting a third-party login portal for Fidelity’s NetBenefits Employee Self Service system. Through a fraudulent ad campaign, attackers redirected employees to a spoofed login page resembling the legitimate portal. Employees who entered their credentials inadvertently provided access to their accounts. The compromised data included:
In some cases, attackers altered direct deposit information in affected accounts. The breach began on October 1, 2024, but was only discovered by General Dynamics on October 10. Once identified, access to the compromised portal was suspended, and affected employees were promptly notified. Written instructions were sent to reset credentials and secure accounts. Forensic experts were engaged to assess the breach, determine its scope, and address vulnerabilities.
Company’s Response and Support
General Dynamics emphasized that the breach was isolated to the third-party login portal and did not compromise its internal systems. In a report to the Maine Attorney General’s Office, the company stated, “Available evidence indicates that the unauthorized access occurred through the third party and not directly through any GD business units.”
To assist affected individuals, General Dynamics is offering two years of free credit monitoring services. Impacted employees were advised to:
For additional support, the company provided resources and contacts to address employee concerns.
Previous Cybersecurity Incidents
This is not the first cybersecurity challenge faced by General Dynamics. In June 2024, its Spanish subsidiary, Santa Barbara Systems, was targeted by a pro-Russian hacker group in a distributed denial-of-service (DDoS) attack. While the incident caused temporary website disruption, no sensitive data was compromised.
Earlier, in March 2020, a ransomware attack on Visser Precision, a General Dynamics subcontractor, exposed sensitive data through the DoppelPaymer ransomware group. Although General Dynamics’ internal systems were not directly impacted, the incident highlighted vulnerabilities in supply chain cybersecurity.
These recurring incidents highlight the persistent threats faced by defense companies and underscore the critical need for robust cybersecurity measures to protect sensitive data. General Dynamics’ swift response and ongoing vigilance demonstrate its commitment to addressing cybersecurity challenges and safeguarding its employees and systems.
During the latest wave of cyberattacks, foreign embassies have been the target of a malicious group known as APT29. They have employed a highly complex attack method that takes advantage of weaknesses in WinRAR, a widely used file compression software. There have been shockwaves throughout the cybersecurity world due to this worrisome disclosure, leading to immediate action to strengthen digital defenses.
According to reports from cybersecurity experts, APT29 has ingeniously employed the NGROK feature in conjunction with a WinRAR exploit to infiltrate embassy networks. The NGROK service, designed for secure tunneling to localhost, has been repurposed by hackers to conceal their malicious activities, making detection and attribution a formidable challenge.
WinRAR, a widely used application for compressing and decompressing files, has been targeted due to a specific vulnerability, identified as CVE-2023-38831. This flaw allows the attackers to execute arbitrary code on the targeted systems, giving them unfettered access to sensitive information stored within embassy networks.
The attacks, initially discovered by cybersecurity researchers, have been corroborated by the Ukrainian National Security and Defense Council (RNBO). Their November report outlines the APT29 campaigns, shedding light on the extent of the damage inflicted by these cyber intruders.
The fact that foreign embassies are specifically being targeted by this onslaught is very disturbing. Because these organizations handle so much private, political, and diplomatic data, they are often the focus of state-sponsored cyber espionage. The attackers' capacity to take advantage of flaws in popular software, such as WinRAR, emphasizes the necessity of constant watchfulness and timely software updates to reduce any threats.
Cybersecurity professionals advise companies, particularly those in delicate industries like diplomacy, to conduct extensive security assessments, quickly fix holes, and strengthen their defenses against ever-evolving cyber attacks in reaction to these disclosures. The APT29 attacks highlight the significance of a multi-pronged cybersecurity strategy that incorporates advanced threat detection methods, personnel awareness training, and strong software security procedures.
International cybersecurity organizations must work together as governments struggle with the ever-changing world of cyber threats. The APT29 attacks are a sobering reminder that the digital sphere has turned into a combat zone and that, in order to preserve diplomatic relations and maintain national interests, defense against such threats necessitates a united front.
OX security, the first end-to-end software supply chain security solution, recently announced the launch of OSC&R (Open Software Supply Chain Attack Reference), the first and only open framework for evaluating and understanding current threats to entire supply chain security.
Talks with hundreds of industry leaders disclosed an urgent need for a MITRE-like framework that would let experts better understand and evaluate supply chain risk, a process that to date was only based on experience and intuition. OSC&R is built to give a common language and structure for analyzing and understanding TTPs- tactics, techniques, and procedures used by threat actors to disrupt the security of software supply chains.
Dark Reading reports, "The founding consortium of cybersecurity leaders behind OSC&R include David Cross, former Microsoft, and Google cloud security executive; Neatsun Ziv, Co-Founder and CEO of OX Security; Lior Arzi, Co-Founder and CPO at OX Security; Hiroki Suezawa, Senior Security Engineer at GitLab; Eyal Paz, Head of Research at OX Security; Phil Quade, former CISO at Fortinet; Dr. Chenxi Wang, former OWASP Global Board member; Shai Sivan, CISO at Kaltura; Naor Penso, Head of Product Security at FICO; and Roy Feintuch, former Cloud CTO at Check Point Technologies."
OSC&R is now ready for use by security teams to analyze existing defenses and define which threats need to be addressed first, how existing coverage deals with these threats, and also to help in behavior tracking of threat actor groups.
Hiroki Suezawa, Senior Security Engineer at Gitlab said "OSC&R helps security teams build their security strategy with confidence. We wanted to give the security community a single point of reference to proactively assess their own strategies for securing their software supply chains and to compare solutions,"
The OSC&R framework will update as new techniques and strategies will evolve and emerge. It will also help red-teaming activities by setting the scope needed for a red team or pentest exercise, serving as a scorecard. The framework will also be open for other cybersecurity experts and leaders who can offer help to OSC&R.
"Trying to talk about supply chain security without a common understanding of what constitutes the software supply chain isn't productive. Without an agreed-upon definition of the software supply chain, security strategies are often siloed," said Neatsun Ziv, who also worked as Check Point's VP of Cyber Security before founding OX.
OX Security believes that security must be at the core of the software development process, not an afterthought. It stops attacks across your software supply chain. Automatically block risks introduced into the pipeline and ensure the integrity of each workload, all from a single location.
It provides complete visibility and end-to-end traceability over your software pipeline security from cloud to code. OX security also helps you manage your findings, orchestrate DevSecOps activities, prevent risks, and maintain software pipeline integrity from a single location.
Cybersecurity platform CrowdStrike reported a supply chain attack that involved the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. The application suffered an attack from 27 September to 29, 2022.