Just this past week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that a federal agency was hit with a malware attack from an unknown source. This proves that even federal agencies can have vulnerabilities. The attack began with a set of Office 365 credentials belonging to an internal user. The attackers then searched that user's email for other passwords and VPN information. Here is a detailed breakdown from The Threat Post's article:
“After initial access, the group set about carrying out reconnaissance on the network. First, they logged into an agency O365 email account to view and download help-desk email attachments with ‘Intranet access’ and ‘VPN passwords’ in the subject lines – and it uncovered Active Directory and Group Policy key, changing a registry key for the Group Policy.”
Once they had the necessary tools in hand, they were able to begin data exfiltration. Eventually, all the small-scale vulnerabilities added up to one big exposed vulnerability for a U.S. federal agency. Although the attack has since been remediated, one user's credentials were enough for cybercriminals to drop malware and collect confidential federal data.
To learn more about this incident, read the full article here.