"Nation-State Hackers Put Defense Industrial Base Under Siege" documents how espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices to infiltrate defense contractors' networks, underscoring the Defense Industrial Base (DIB) as a high-value target.
In Google's analysis highlighted by the author, China-linked attackers have continued to aggressively target defense firms and military contractors, using zero-day exploits against edge devices to gain initial access, while threat actors tied to Russian intelligence have targeted the secure messaging apps used by the Ukrainian military.
The piece quotes GTIG’s Luke McNamara and Levi Gundert of Recorded Future, stressing that pre-positioning is now a baseline and that attackers moving from edge footholds into privileged identities expands the blast radius.
Edge devices, including VPN appliances and security gateways from vendors such as Cisco, Citrix, Fortinet, Ivanti, Juniper, Palo Alto Networks and SonicWall, were linked to 26 exploited vulnerabilities in 2025 and 35 in 2024 according to CISA's Known Exploited Vulnerabilities (KEV) Catalog, with more than 100 such vulnerabilities discovered in the past four years.
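The KEV figures above are the kind of slice a defender can reproduce against their own edge-device inventory. The following is an added example, not code from the article or from CISA: it parses a feed in the shape of CISA's public KEV JSON (the feed URL and field names cveID, vendorProject, dateAdded and dueDate are the ones that feed uses), keeps only entries for the edge-device vendors named in the article, counts them per year added, and lists entries whose remediation due date has passed. The entries, CVE identifiers and dates are constructed placeholders so the script runs offline.

```python
"""Slice a KEV-format feed by edge-device vendor, year added and overdue status.

Added example (not the article's or CISA's code). Field names match the
public KEV JSON feed; the sample entries below are constructed placeholders.
"""
import json
from collections import Counter
from datetime import date

# Real location of the CISA feed. Not fetched here; the demo runs on SAMPLE_KEV.
KEV_FEED_URL = (
    "https://www.cisa.gov/sites/default/files/feeds/"
    "known_exploited_vulnerabilities.json"
)

# Vendors of the VPN appliances and security gateways named in the article.
EDGE_VENDORS = {
    "Cisco", "Citrix", "Fortinet", "Ivanti", "Juniper",
    "Palo Alto Networks", "SonicWall",
}

# Constructed sample in KEV feed shape. CVE IDs are placeholders, not real advisories.
SAMPLE_KEV = json.dumps({
    "title": "constructed sample, not the CISA catalog",
    "catalogVersion": "0",
    "count": 5,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Ivanti",
         "product": "placeholder VPN appliance", "vulnerabilityName": "placeholder",
         "dateAdded": "2024-01-10", "dueDate": "2024-01-31",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Fortinet",
         "product": "placeholder gateway", "vulnerabilityName": "placeholder",
         "dateAdded": "2024-02-12", "dueDate": "2024-03-04",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0003", "vendorProject": "Palo Alto Networks",
         "product": "placeholder firewall", "vulnerabilityName": "placeholder",
         "dateAdded": "2025-02-18", "dueDate": "2025-03-11",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0004", "vendorProject": "Cisco",
         "product": "placeholder appliance", "vulnerabilityName": "placeholder",
         "dateAdded": "2025-05-02", "dueDate": "2025-05-23",
         "knownRansomwareCampaignUse": "Unknown"},
        # Non-edge entry, included to show that the vendor filter drops it.
        {"cveID": "CVE-0000-0005", "vendorProject": "Microsoft",
         "product": "placeholder desktop software", "vulnerabilityName": "placeholder",
         "dateAdded": "2025-03-11", "dueDate": "2025-04-01",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def parse_kev(text):
    """Return the list of vulnerability records from KEV-format JSON text."""
    return json.loads(text)["vulnerabilities"]


def edge_entries(entries, vendors=EDGE_VENDORS):
    """Keep only records whose vendorProject is one of the edge-device vendors."""
    return [e for e in entries if e.get("vendorProject") in vendors]


def count_by_year(entries):
    """Count records by the year CISA added them (dateAdded is ISO YYYY-MM-DD)."""
    years = (date.fromisoformat(e["dateAdded"]).year for e in entries)
    return dict(Counter(years))


def overdue(entries, as_of_iso):
    """CVE IDs whose KEV remediation dueDate is strictly before the as-of date."""
    as_of = date.fromisoformat(as_of_iso)
    return sorted(e["cveID"] for e in entries
                  if date.fromisoformat(e["dueDate"]) < as_of)


def summarize(text, as_of_iso):
    """One-call summary: edge entry count, per-year counts, overdue IDs."""
    edge = edge_entries(parse_kev(text))
    return {
        "edge_total": len(edge),
        "by_year": count_by_year(edge),
        "overdue": overdue(edge, as_of_iso),
    }


if __name__ == "__main__":
    # Against the live feed, replace SAMPLE_KEV with the downloaded JSON text.
    print(json.dumps(summarize(SAMPLE_KEV, "2025-04-01"), indent=2))
```

Pointed at the downloaded feed instead of SAMPLE_KEV, the same three functions reproduce the per-year edge-vendor counts the article cites and give a list of catalog entries past their due date, which is the list to reconcile against patch and asset-inventory records.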
North Korean groups such as APT43 and UNC2970, and Iran-linked actors including UNC1549 and UNC6446, are also named as targeting defense firms and related sectors, according to Google's analysis, illustrating how geopolitical tensions shape cyber operations in the defense domain.

According to Google Threat Intelligence Group, defense-related organisations remain high-priority targets, while ESET's "APT Activity Report" places government, technology and defence sectors among the most-targeted across regions.

13 February 2026