Phishing emails were sent to DoD vendors to capture login credentials on lookalike vendor payment website. The hackers then routed payments to shell entity.
New CMMC 2.0 pares down the scope of the original requirements, allowing greater flexibility and relaxing the rules for DoD contractors and subcontractors who do not directly handle sensitive or classified information.