Google warns of cyber siege on defense companies

Cybernews reports that Western defense companies and their employees are facing an escalating wave of state-backed cyber-espionage, according to a new Google report.

Google's Threat Intelligence Group warns of a "relentless barrage of cyber operations" aimed at Europe's defense industrial base, with drone makers and advanced weapons developers emerging as top targets. Attackers are seeking to steal research, disrupt production, and gain insight into next-generation battlefield systems. Russia-linked actors are cited as primary offenders, particularly in connection with the war in Ukraine, focusing heavily on unmanned aircraft technologies and related suppliers. A phishing campaign attributed to the cluster UNC5976 used malicious Remote Desktop Protocol files and spoofed domains impersonating defense firms across multiple countries.

Smaller manufacturers, including automotive and component suppliers, are also experiencing extortion attempts, signaling broader supply chain targeting. Google says adversaries, including Russia, Iran, China, and North Korea, are exploiting hiring processes, personal accounts, and remote work setups, concluding that the defense sector is under "constant, multi-vector siege."