Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityCybersecurity NewsGovernment: Federal, State and Local

US agencies and defense contractors infected with infostealing malware

By Jordyn Alger, Managing Editor
Coding on screen

Walkator via Unsplash

February 19, 2025

Infostealers by Hudson Rock claims that the United States Army, Navy, and major defense contractors (such as Lockheed Martin, Boeing, and Honeywell) have active infostealer infections.

For U.S. agencies, the report found the following infection numbers:

  • The U.S. Army had 71 infected employees and 1,319 infected users 
  • The U.S. Navy had 30 infected employees and 551 infected users
  • The FBI had 24 infected employees and 26 infected users

For the defense contractors, the report found the following infection numbers: 

  • Lockheed Martin had 55 infected employees and 96 infected users 
  • Boeing had 66 infected employees and 114 infected users
  • Honeywell had 398 infected employees and 472 infected users 

Additionally, the report found that cybercriminals were able to purchase stolen information from government agency or defense contractor employees for as little as $10.  

Security leaders weigh in 

Kent Wilson, Vice President, Global Public Sector at Bugcrowd:

This problem isn’t new, and it’s certainly not just beginning. The reality is that when an adversary targets an individual, eventual compromise is inevitable — whether it’s in the defense sector or the private sector. Human behavior remains the weakest link in security, and no amount of investment in classified networks or perimeter security can fully prevent an employee from unknowingly downloading infostealer malware that exposes credentials.

The lesson is clear: if you’re online, you’re a target. Every business — whether they serve the DOD or not — has employees who hold sensitive credentials that adversaries can exploit.

That said, there’s no reason to make it easy for attackers. Organizations need to stop treating cybersecurity as a one-time project and adopt continuous, proactive security programs. Traditional defenders are in a knife fight every day, and staying ahead of attackers is difficult. Bug bounties, red teaming, penetration testing, and vulnerability disclosure programs (VDPs) all help uncover security gaps before adversaries do. If you’re not actively testing your defenses and your people, attackers will do it for you.

Thomas Richards, Principal Consultant, Network and Red Team Practice Director at Black Duck:

The latest report from Hudson Rock is incredibly concerning given the nature of the data and the individuals targeted. The data stolen could allow an adversary into critical networks and take steps to compromise additional people and systems. While the most common vector for this type of attack would presumably be some sort of phishing attack, without having more details provided by the affected companies and agencies, this would be speculation. Affected users should have their passwords rotated immediately and a forensic investigation launched to determine how they were compromised and if attackers accessed information they shouldn’t have. This is a risk to U.S. national security.

Jason Soroko, Senior Fellow at Sectigo:

Infostealer infections in the U.S. military and top defense contractors expose a systemic cybersecurity lapse. Lax endpoint defenses, outdated patching protocols, and human error are enabling cheap breaches — even in high-stakes environments. If organizations with deep pockets and top talent are vulnerable, rank-and-file companies, often under-resourced and less rigorous, face even graver risks.

Companies must act now. Tighten security with zero trust architectures, continuous audits, and robust employee training. Update systems regularly, enforce strict access controls, and assume breach as a possibility. Cyber hygiene isn’t optional but should be considered a critical part of our defense in an era where a $10 exploit can topple even the most advanced networks.

KEYWORDS: enterprise cyber security information protection malware national security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordynalger

Jordyn Alger is the managing editor for Security magazine. Alger writes for topics such as physical security and cyber security and publishes online news stories about leaders in the security industry. She is also responsible for multimedia content and social media posts. Alger graduated in 2021 with a BA in English – Specialization in Writing from the University of Michigan. Image courtesy of Alger

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Columns
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Trophy and soccer ball

Security Experts Discuss Threats to FIFA World Cup 2026

Soccer stadium

How the Current Iran-US Conflict May Impact World Cup Security

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Officers at an event

The 2026 FIFA World Cup Will Test Security Operations Like Never Before

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

SEC 2026 Benchmark Banner

Events

July 8, 2026

The 2026 Security Maturity Benchmark Report: Insights From Senior Security Leaders

LIVE: July 8, 2026 at 2 pm EDT In this webinar, speakers will share key insights from the report, including why today’s threat environment demands greater maturity and how to evaluate your organization’s current security posture.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • 5 minutes with Webster-Jacobsen

    5 minutes with Bryce Webster-Jacobsen - What the new CMMC Framework means for defense contractors

    See More
  • At Least 1 iPhone Infected with Malware in Every Large Organization

    See More
  • security-g771584b53_1920.jpg

    One-third of defense contractors vulnerable to ransomware

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • Security of Information and Communication Networks

  • Photonic Sensing: Principles and Applications for Safety and Security Monitoring

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing