FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization

by crpt os


U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a “Defense Industrial Base (DIB) Sector organization’s enterprise network” as part of a cyber espionage campaign.

“[Advanced persistent threat] actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data,” the authorities said.

The joint advisory, which was authored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), said the adversaries likely had long-term access to the compromised environment.

The findings are the result of CISA’s incident response efforts in collaboration with a trusted third-party security firm from November 2021 through January 2022. It did not attribute the intrusion to a known threat actor or group.

The initial infection vector used to breach the network is also unknown, although some of the APT actors are said to have obtained a digital beachhead to the target’s Microsoft Exchange Server as early as mid-January 2021.

Subsequent post-exploitation activities in February entailed a mix of reconnaissance and data collection efforts, the latter of which resulted in the exfiltration of sensitive contract-related information. Also deployed during this phase was the Impacket tool to establish persistence and facilitate lateral movement.

A month later, the APT actors exploited ProxyLogon flaws in Microsoft Exchange Server to install 17 China Chopper web shells and HyperBro, a backdoor exclusively used by a Chinese threat group called Lucky Mouse (aka APT27, Bronze Union, Budworm, or Emissary Panda).

The intruders, from late July through mid-October 2021, further employed a bespoke malware strain called CovalentStealer against the unnamed entity to siphon documents stored on file shares and upload them to a Microsoft OneDrive cloud folder.

Organizations are recommended to monitor logs for connections from unusual VPNs, suspicious account use, anomalous and known malicious command-line usage, and unauthorized changes to user accounts.
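The command-line monitoring recommended above can be made concrete. The following is an added example, not code from the advisory or this article: it triages constructed Windows process-creation records (Event 4688 / Sysmon Event ID 1 style) for the loopback admin-share output redirection and the WmiPrvSE-to-cmd.exe parent/child relationship that Impacket's stock wmiexec.py and smbexec.py leave behind; the log fields, hostnames, account names and the exact artifact patterns are assumptions about default tool behaviour.

```python
import re

# Constructed process-creation records (4688 / Sysmon Event ID 1 style), not from the advisory.
SAMPLE_EVENTS = [
    {"host": "FS01", "user": "CORP\\svc_backup",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1635789012.34 2>&1"},
    {"host": "FS01", "user": "CORP\\jdoe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"cmd.exe /c dir C:\Users"},
    {"host": "DC01", "user": "CORP\\svc_backup",
     "parent": r"C:\Windows\System32\services.exe",
     "cmdline": r"%COMSPEC% /Q /c echo dir ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat"},
    {"host": "WS07", "user": "CORP\\jdoe",
     "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
]

# Assumed default artifacts: wmiexec.py redirects command output to \\127.0.0.1\ADMIN$\__<timestamp>,
# smbexec.py writes a batch file whose output goes to \\127.0.0.1\C$\__output. Loopback admin-share
# redirection is rare in legitimate administration, so each hit is worth an analyst's look.
CMDLINE_RULES = {
    "impacket-wmiexec-loopback-redirect":
        re.compile(r"\\\\127\.0\.0\.1\\ADMIN\$\\__\d+(\.\d+)?", re.IGNORECASE),
    "impacket-smbexec-loopback-redirect":
        re.compile(r"\\\\127\.0\.0\.1\\C\$\\__output", re.IGNORECASE),
}
QUIET_CMD = re.compile(r"(cmd\.exe|%COMSPEC%)\s+/Q\s+/c", re.IGNORECASE)


def triage_event(event: dict) -> list[str]:
    """Return the names of every rule this process-creation event matches."""
    hits = [name for name, rx in CMDLINE_RULES.items() if rx.search(event["cmdline"])]
    # WmiPrvSE.exe (the WMI provider host) spawning a quiet cmd.exe is the
    # wmiexec parent/child shape, even when the operator changed the output path.
    if event["parent"].lower().endswith(r"\wmiprvse.exe") and QUIET_CMD.search(event["cmdline"]):
        hits.append("wmiprvse-spawned-quiet-cmd")
    return hits


def triage(events: list[dict]) -> list[tuple[str, str, list[str]]]:
    """Return (host, user, matched_rules) for every event that trips at least one rule."""
    return [(e["host"], e["user"], h) for e in events if (h := triage_event(e))]


if __name__ == "__main__":
    for host, user, rules in triage(SAMPLE_EVENTS):
        print(f"{host} {user}: {', '.join(rules)}")
```

Feeding real 4688 or Sysmon exports into `triage` is a matter of mapping the parent-image and command-line fields into the same dictionary shape; the account names that keep surfacing are the ones to cross-check against the advisory's "suspicious account use" item.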