State-sponsored cyber groups are increasingly targeting defence sector employees directly, exploiting hiring processes, personal devices, and individualized digital behaviors to gain access to sensitive information, according to a recent report by Google. The findings highlight a sustained wave of cyber-espionage aimed at defence companies and their wider industrial supply chains across Europe and the United States.
Unlike traditional attacks focused on corporate networks, these campaigns increasingly operate outside organizational boundaries. Hackers now engage employees on personal systems, making detection far more difficult. Recruitment channels have emerged as a major attack surface, with fake job offers, spoofed recruitment portals, and impersonated corporate recruiters used to harvest credentials or implant malware.
The scope of targets has expanded beyond core defence manufacturers to include smaller firms and indirect suppliers such as automotive and precision component companies. Attackers have also created spoofed versions of defence contractor websites across multiple countries in attempts to steal confidential data.
In conflict-related environments, cyber operations have become highly tailored. Military personnel, drone operators, journalists, and public officials have been targeted through compromised messaging apps, fake training programs, and impersonation of trusted organizations. In some cases, individuals were monitored for weeks before an attack was launched.
Google’s analysis shows that several state-linked groups are using advanced profiling techniques, including artificial intelligence, to study employees’ roles, locations, and personal interests. This enables highly convincing lures, such as fake school notices, charity events, election information, and invitations to security-related conferences.
The report notes a significant rise in cyber incidents, reflecting how international defence cooperation and military-related projects have expanded the pool of potential victims. Employees, contractors, engineers, and consultants involved in defence and security initiatives are increasingly viewed as prime targets, making cyber-espionage a growing transnational security challenge.
