The Cybersecurity and Infrastructure Security Agency (CISA) released an analysis report yesterday detailing a recent cyberattack on a federal agency's network that was carried out using compromised employee credentials. With that access, the attacker dropped sophisticated malware onto the agency's systems. The malware evaded the agency's anti-malware protection and gained access to sensitive information by using two proxies that exploited weaknesses in the firewall.
CISA uncovered the cyberattack through EINSTEIN, the system it uses to monitor federal civilian networks for signs of potential compromise. CISA then conducted an incident response engagement that confirmed the malicious activity. According to CISA, the threat actor(s) possessed valid credentials for several Microsoft Office 365 accounts as well as domain administrator accounts; however, it is unclear how the attackers obtained those usernames and passwords.
Read More: Federal Agency Compromised by Malicious Cyber Actor