A newly released analysis from Google is sounding the alarm after the discovery that America’s defense industrial base is under sustained cyberattack from foreign adversaries.
The new report from Google Threat Intelligence found that the U.S. defense industrial base, the vast network of public and private entities that develop and maintain military weapons systems, has been targeted in recent months.
The attacks are led by state-linked groups and criminal organizations tied to China, Russia, and North Korea.
According to Google, the Chinese regime and its affiliated cyber units “continue to represent by volume the most active threat to entities in the defense industrial base,” posing what the company described as a “significant risk to the defense and aerospace sector.”
China Identified as Most Aggressive Threat
Google stated that it “has observed more China-nexus cyber espionage missions directly targeting defense and aerospace industry than from any other state-sponsored actors over the last two years.”
These operations reportedly rely on a broad range of tactics. However, the report noted a consistent pattern:
“But the hallmark of many operations has been their exploitation of edge devices to gain initial access,” the report said, referring to hardware components located at the edge of a network.
The company also warned:
“We have also observed China-nexus threat groups leverage ORB networks for reconnaissance against defense industrial targets, which complicates detection and attribution.”
The findings follow prior warnings from U.S. and Canadian officials that Chinese state-backed hacking groups have gained long-term access to government and private-sector systems.
In July 2025, Microsoft disclosed that two China-based groups, Linen Typhoon and Violet Typhoon, were exploiting vulnerabilities in SharePoint, Microsoft’s collaboration software platform.
Russia Targeting Drone and War Technologies
Google’s report also identified Russian-linked actors as aggressively targeting defense firms connected to technologies used in the ongoing Russia–Ukraine war.
“As next-generation capabilities are being operationalized in this environment, Russia-nexus threat actors and hacktivists are seeking to compromise defense contractors alongside military assets and systems, with a focus on organizations involved with unmanned aircraft systems (UAS),” the report said.
Google added:
“This includes targeting defense companies directly, using themes mimicking their products and systems in intrusions against military organizations and personnel.”
The focus on drone technology and next-generation systems underscores how modern warfare is increasingly driven by cyber operations aimed at degrading supply chains and stealing sensitive capabilities before they reach the battlefield.
AI Tool Gemini Leveraged in Reconnaissance
The report also revealed that state-sponsored hackers have attempted to leverage Google’s own AI system, Gemini, as part of their cyber operations.
One China-linked group known as “UNC2970” has targeted defense companies while impersonating corporate recruiters in spear-phishing campaigns.
Google said these actors used Gemini to conduct open-source intelligence gathering to “profile high-value targets to support campaign planning and reconnaissance,” including searches related to defense and cybersecurity firms.
The use of AI for reconnaissance marks a new phase in cyber conflict, where advanced tools can accelerate targeting and intelligence preparation.
North Korea Posing as IT Workers
Google further warned that North Korea’s cyber threat has grown since 2019, with regime-linked actors attempting to infiltrate American companies by posing as IT professionals.
Last July, the U.S. Department of Justice announced it had disrupted an operation involving searches across 29 locations in more than a dozen states tied to laptops used to secure remote jobs at over 100 U.S. companies.
In one case cited by Google, North Korea-linked actors stole sensitive data from a California defense company involved in artificial intelligence development.
In a separate case, a Maryland-based individual, Minh Phuong Ngoc Vong, was sentenced to 15 months in prison for facilitating a North Korean-linked scheme.
According to the report, the individual coordinated with an alleged regime IT worker who had been hired by a Virginia-based firm to perform software development for a defense contractor.
A Growing Strategic Risk
The findings paint a stark picture: America’s defense ecosystem is not only competing with adversaries on the battlefield but also defending against persistent digital infiltration at home.
China appears to be leading in scale and intensity.
Russia is targeting battlefield-relevant systems.
North Korea is pursuing covert infiltration through employment fraud and data theft.
The convergence of cyber espionage, AI-enabled reconnaissance, and supply-chain infiltration underscores the expanding threat landscape facing U.S. national security and the increasing urgency of hardening the defense industrial base against foreign intrusion.
