“Malicious hackers are using vulnerabilities in third party suppliers to gain access to government entities and critical infrastructure, according to a recent alert by the Department of Homeland Security’s United State’s Computer Emergency Readiness Team. ‘Since at least May 2017, threat actors have targeted government entities and the energy, water, aviation, nuclear and critical manufacturing sectors, and, in some cases, have leveraged their capabilities to compromise victims’ networks,’ the alert said. ‘This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third party suppliers with less secure networks.’ According to the report, the hackers targeted specific third party organizations that they knew would provide access to government entities, then created fake credentials within that organization to give them access to the intended targets.”
Source: DHS warns energy sector of hackers targeting third-party suppliers