State-Sponsored Hackers Target Defence Workers Through Hiring Processes, Google Warns

State-sponsored hackers are increasingly targeting defence sector employees directly, using recruitment and hiring processes as entry points for cyber-espionage, according to a new Google threat intelligence report released ahead of the Munich Security Conference.

The report describes a sustained rise in cyber-espionage campaigns aimed at defence companies, their supply chains, and individual workers across the US and Europe. While defence firms have long been prime targets, Google says attacks are now more personalised, shifting away from corporate networks to employees’ personal devices, making detection harder.

Google’s analysts say hackers are exploiting vulnerabilities in job applications, fake recruitment portals and spoofed company websites to steal sensitive credentials. Smaller firms outside the core defence supply chain, including carmakers and component manufacturers, are also being targeted, reflecting the expanding scope of cyber-espionage activity.

Russian-linked groups have reportedly attempted to harvest data by cloning websites of major defence contractors across multiple countries, while also developing tools to compromise messaging apps used by Ukrainian military personnel and officials. Ukraine recorded a 37% rise in cyber incidents between 2024 and 2025, underscoring the growing intensity of attacks linked to the war.

Beyond Europe, North Korean hackers have impersonated recruiters to infiltrate defence firms, with US authorities previously uncovering cases where operatives secured remote IT jobs at more than 100 companies. Iranian and Chinese state-linked groups have also deployed tailored phishing campaigns, using detailed personal profiling to deceive employees.

Experts warn that as defence projects become increasingly global, cyber-espionage threats are no longer confined to national borders but represent a widening international security and economic risk.