
US military and defence contractor credentials are up for sale


Illustration: Supimol Kumying | Shutterstock

Several US agencies and six defence contractors have been victims of infostealer malware intrusions. Security researchers also found that compromised data belonging to employees in the sector can be bought for as little as $10.

A report from security firm Hudson Rock claims that 472 third-party credentials were exposed in total. The compromised users belong to companies like Boeing, BAE Systems, Cisco, Honeywell, Microsoft, Leidos, Lockheed Martin, and L3Harris. Infostealer infections in the US Army, Navy, FBI, and Government Accountability Office (GAO) systems were also found.

The leaked credentials pose a serious security threat, as the report illustrates with Honeywell. Compromised logins covered the company's internal intranet, its Active Directory Federation Services (ADFS) sign-in, and its Identity and Access Management (IAM) system. Hudson Rock counts 398 infected employees and 18,527 infected users at Honeywell. A single compromised employee held 56 credentials for Honeywell's own infrastructure plus 45 credentials for third-party services.
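The per-employee counts above come from reading stealer logs, which list one URL/username/password triple per saved login on the infected machine. The script below is an added illustration, not code from the Hudson Rock report: it triages a constructed dump (the `|`-separated line format, the host names, the `example-corp.test` domain and the passwords are all assumptions made for the example), separating credentials for the organisation's own domain from third-party ones, flagging identity infrastructure such as ADFS and IAM endpoints, and noting passwords shared between corporate and third-party sites, since a reused password makes the third-party credential as dangerous as the corporate one.

```python
"""Triage a constructed infostealer log dump for corporate credential exposure.

Added example, not code from the Hudson Rock report or from any vendor.
Assumptions: each infected host is introduced by a '# host:' line, and each
saved login is 'URL|username|password'. Real stealer logs use several
layouts, so the parser would need adapting to the dump at hand.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample dump: two infected hosts, mixed corporate/third-party logins.
SAMPLE_DUMP = """\
# host: DESKTOP-A1B2C3
https://intranet.example-corp.test/home|jdoe|Winter2024!
https://adfs.example-corp.test/adfs/ls/|jdoe@example-corp.test|Winter2024!
https://iam.example-corp.test/login|jdoe|Winter2024!
https://supplier-portal.vendor.test/|jdoe@example-corp.test|Winter2024!
https://streaming.example-site.test/login|jdoe|hunter2
# host: LAPTOP-Z9Y8X7
https://mail.example-corp.test/owa/|asmith|Passw0rd
https://github.example-site.test/session|asmith|Passw0rd
"""

# Domains the organisation owns (assumed for the example).
CORPORATE_DOMAINS = {"example-corp.test"}
# Host or path fragments that mark identity infrastructure worth escalating first.
HIGH_VALUE_MARKERS = ("adfs.", "/adfs/", "iam.", "sso.", "vpn.")


@dataclass
class HostReport:
    corporate: list = field(default_factory=list)      # (url, user) on own domains
    third_party: list = field(default_factory=list)    # (url, user) elsewhere
    high_value: list = field(default_factory=list)     # corporate identity endpoints
    reused_passwords: set = field(default_factory=set)  # shared corp <-> third-party


def is_corporate(url):
    """Match on the parsed hostname, not a substring, so that a third-party
    URL merely containing the corporate name is not miscounted."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in CORPORATE_DOMAINS)


def is_high_value(url):
    return any(marker in url.lower() for marker in HIGH_VALUE_MARKERS)


def triage(dump):
    """Return {host_name: HostReport} for every infected host in the dump."""
    reports = {}
    passwords_by_host = {}  # host -> {password: [urls]}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# host:"):
            current = line.split(":", 1)[1].strip()
            reports[current] = HostReport()
            passwords_by_host[current] = {}
            continue
        if current is None:
            continue  # credential line before any host header; ignore
        url, user, password = line.split("|", 2)
        report = reports[current]
        if is_corporate(url):
            report.corporate.append((url, user))
            if is_high_value(url):
                report.high_value.append(url)
        else:
            report.third_party.append((url, user))
        passwords_by_host[current].setdefault(password, []).append(url)

    # A password seen on both a corporate and a third-party site is flagged:
    # the attacker who reads the third-party entry also holds the corporate login.
    for host, pw_map in passwords_by_host.items():
        for password, urls in pw_map.items():
            if any(is_corporate(u) for u in urls) and any(not is_corporate(u) for u in urls):
                reports[host].reused_passwords.add(password)
    return reports


def summarize(reports):
    """Compact per-host counts in the form the report quotes (corporate vs third-party)."""
    return {
        host: {
            "corporate": len(r.corporate),
            "third_party": len(r.third_party),
            "high_value": len(r.high_value),
            "reused": len(r.reused_passwords),
        }
        for host, r in reports.items()
    }


if __name__ == "__main__":
    for host, counts in summarize(triage(SAMPLE_DUMP)).items():
        print(host, counts)
```

Run against a real dump, the first action on any host with a non-empty `high_value` list is to revoke that user's sessions and reset the credential at the identity provider, because a stolen ADFS or IAM login is what turns one infected laptop into the lateral movement the report warns about.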

[Image] Compromised data from a US military system being sold on a cybercrime forum. Source: Hudson Rock

As the report rightly points out, “if Infostealers can breach Lockheed, Boeing, the U.S. Army, and the FBI, they can breach anyone.” With businesses and government departments increasingly depending on each other, a supply chain compromise on this scale reaches far beyond the organisation whose employee was first infected. The infections found in US agencies indicate that an adversary “could move laterally inside military systems.”

These threats are neither hypothetical nor new. In December 2024, the US Treasury Department declared a major incident after a breach that stemmed from the compromise of BeyondTrust, one of its vendors. The most common infostealers, including Lumma, Vidar, RedLine, and Medusa, can harvest saved browser credentials, session cookies and other data from a compromised machine in under a minute. However well-protected an organisation is, these intrusions show that its defences extend only as far as the endpoints of its employees and vendors.


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
