CyberNews Briefs

CISA Advisory Details How Hackers Targeted Defense Industrial Base Organization

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory highlighting a threat targeting a Defense Industrial Base sector organization’s enterprise network. The advanced persistent threat group is leveraging the open-source toolkit Impacket to gain initial access into target systems. After Impacket is successfully deployed, it launches the data exfiltration tool CovalentStealer. The advisory was released in collaboration with the Federal Bureau of Investigation and the National Security Agency.

The advisory states that CISA observed these attacks between November 2021 and January 2022 during incident response activities. In some instances, CISA believes that the threat actors had long-term access to the environment. Additionally, the threat actors used Microsoft Exchange to breach target systems and returned later to use Command Shell to collect sensitive data before launching the Impacket tools. In the observed instances, the threat actors used VPNs to conduct the attacks.

Read More: CISA Advisory Details How Hackers Targeted Defense Industrial Base Organization

OODA Analyst
