Podcast Episode
State-Backed Hackers Are Coming for Defence Workers Personally
February 10, 2026
Google's Threat Intelligence Group has released a major report warning that state-sponsored hackers from Russia, China, North Korea, and Iran are escalating highly personalised cyber-espionage campaigns against defence industry employees. The attacks bypass corporate security by targeting individuals through personal emails, recruitment platforms, and messaging apps.
Governments Are Hacking People, Not Just Systems
A new report from Google's Threat Intelligence Group, released ahead of the Munich Security Conference, reveals that state-sponsored hackers from Russia, China, North Korea, and Iran are dramatically shifting their tactics. Rather than attacking corporate networks head-on, these groups are increasingly targeting individual defence industry employees through personal channels that sit outside company security controls.
The Human Layer Under Attack
The report warns that adversaries are exploiting the "human layer" of defence supply chains. Hackers are using recruitment platforms, personal email accounts, and secure messaging applications to reach their targets. One Google analyst noted that campaigns are moving toward "direct to individual" targeting, making threats much harder to detect when they occur on personal devices.
Four Nations, Four Approaches
Each nation brings distinct tactics. North Korean operatives have infiltrated more than one hundred American companies by posing as remote IT workers using stolen identities, with the US Department of Justice indicting eight international facilitators. Chinese groups represent the most active threat by volume, having exploited more than two dozen zero-day vulnerabilities in edge devices since twenty twenty. Russian actors have compromised Signal messaging accounts used by Ukrainian military personnel through malicious QR codes and device-linking exploits. Iranian groups have deployed fake job portals mimicking major aerospace firms to harvest credentials from drone and defence companies.
Ukraine on the Front Lines
Ukrainian authorities report a nearly seventy percent increase in cyber incidents from twenty twenty-three to twenty twenty-four, with the security and defence sector among the most frequently targeted. The notorious Russian group Sandworm has even linked Signal accounts from devices captured on the battlefield to attacker-controlled infrastructure.
A Growing Global Concern
The findings underscore a fundamental shift in cyber warfare strategy, where the weakest link is no longer a firewall or a server but the people who build and maintain defence technologies.
Published February 10, 2026 at 2:26pm