CISA Analysis Report: Federal Agency Compromised by Malicious Cyber Actor

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis report on a recent threat actor’s cyber attack on a federal agency’s enterprise network. As described in the report, the cyber threat actor leveraged compromised credentials to implant sophisticated malware – including multi-stage malware that evaded the affected agency’s anti-malware protection – and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall. This and other information in the report is derived exclusively from CISA’s incident response and provides the threat actor’s tactics, techniques, and procedures as well as indicators of compromise observed as part of the engagement. The report also offers CISA’s recommendations for organizations to implement to protect against this activity. Read the advisory at CISA.