Thursday, May 8, 2025

Threat Actors Using $10 Infostealer Malware to Compromise US Security

A recent cybersecurity investigation has unveiled a troubling reality: U.S. military personnel and employees of major defense contractors, including Lockheed Martin, Boeing, and Honeywell, have been compromised by infostealer malware.

This inexpensive yet potent cyberweapon, available for as little as $10 per infected device on underground marketplaces, has exposed critical credentials, including access to classified systems and sensitive infrastructure.

Among the compromised entities are high-ranking personnel from the U.S. Army, Navy, FBI, and Government Accountability Office (GAO).

These infections have jeopardized VPN credentials, email systems, multi-factor authentication (MFA) session cookies, and even classified procurement portals.

The implications extend beyond individual organizations to the broader national security apparatus.

How Infostealers Operate: A Silent Threat

Unlike traditional hacking methods that rely on brute force or exploitation of vulnerabilities, infostealers operate stealthily.

They infiltrate systems when users inadvertently download malicious files, such as game modifications or pirated software, and then exfiltrate sensitive data.

This includes stored passwords, session cookies, autofill data, and even internal documents.

The stolen data is then sold on cybercrime marketplaces.

For instance, credentials linked to “army.mil” or “fbi.gov” domains have been discovered for sale at shockingly low prices.

These logs often include active session cookies that allow attackers to bypass MFA protections entirely.

Hudson Rock’s analysis revealed that over 30 million computers globally have been infected by infostealers.

Alarmingly, 20% of these devices contained corporate credentials, many belonging to employees in critical sectors like defense and government.
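The article's point that a stolen, still-active session cookie lets an attacker skip MFA also suggests a defender-side check. The following is an added example, not code from the article or from Hudson Rock: it binds each session ID to the client that completed MFA and flags later use of that session from a different IP or user agent. The log format, field names and all values are constructed for illustration.

```python
"""Flag probable replay of a stolen session cookie: the same session ID used
from a different client (IP / user agent) than the one that passed MFA."""

# Constructed sample authentication/access log (not from any real system).
SAMPLE_LOG = """\
2025-05-08T09:00:01Z mfa_ok  sid=a1b2 user=jdoe   ip=203.0.113.5   ua=Chrome/124
2025-05-08T09:05:10Z access  sid=a1b2 user=jdoe   ip=203.0.113.5   ua=Chrome/124
2025-05-08T11:42:33Z access  sid=a1b2 user=jdoe   ip=198.51.100.77 ua=Chrome/109
2025-05-08T09:10:00Z mfa_ok  sid=c3d4 user=asmith ip=192.0.2.8     ua=Firefox/125
2025-05-08T09:12:00Z access  sid=c3d4 user=asmith ip=192.0.2.8     ua=Firefox/125
"""


def parse_line(line):
    """Split one 'timestamp event key=value ...' line into a dict."""
    ts, event, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec.update({"ts": ts, "event": event})
    return rec


def find_session_replays(log_text):
    """Return one alert per access whose client fingerprint differs from the
    fingerprint recorded when that session completed MFA."""
    bound = {}   # sid -> (ip, user agent) observed at MFA time
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        sid, fp = rec["sid"], (rec["ip"], rec["ua"])
        if rec["event"] == "mfa_ok":
            # Bind the session to the device that actually passed MFA.
            bound[sid] = fp
        elif rec["event"] == "access" and sid in bound and bound[sid] != fp:
            # Session reused from somewhere else: treat as possible cookie theft.
            alerts.append({"sid": sid, "user": rec["user"], "ts": rec["ts"],
                           "expected": bound[sid], "seen": fp})
    return alerts


if __name__ == "__main__":
    for a in find_session_replays(SAMPLE_LOG):
        print(f"ALERT {a['ts']} user={a['user']} sid={a['sid']} "
              f"bound to {a['expected']}, seen from {a['seen']}")
```

A real deployment would add stronger binding signals (device certificate, token binding, ASN) and short session lifetimes, so that a cookie lifted by an infostealer is worthless off the original machine.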

Case Studies: Honeywell and the U.S. Navy

The scale of the breaches is exemplified by two notable cases:

  1. Honeywell: Nearly 400 employees at this defense contractor were infected by infostealers, exposing credentials for internal systems such as SharePoint and SAP portals. One infected engineer alone had access to 56 corporate systems and 45 third-party integrations. This breach not only threatens Honeywell but also its supply chain partners like SpaceX and Palantir.
  2. U.S. Navy: Credentials from 30 Navy personnel were leaked, including access to platforms like Confluence and Citrix. This raises concerns about potential lateral movement within military networks by adversaries seeking to exploit these vulnerabilities.

These incidents underscore a systemic issue within the U.S. defense sector’s cybersecurity framework.

Even organizations with robust security measures remain vulnerable due to third-party risks introduced by compromised vendors or partners.

The breaches highlight how infostealers transform unsuspecting employees into insider threats by exposing their digital footprints.

Experts warn that this is just the beginning of a larger cybersecurity crisis unless proactive measures are adopted.

Enhanced monitoring for malware infections and stricter cybersecurity hygiene are critical for mitigating these risks in the future.

The revelations serve as a stark reminder: in today’s interconnected digital landscape, no organization, no matter how secure, is immune from compromise.

Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
