
A hacker has gained access and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday.
Neither the name of the hacked federal agency, the date of the intrusion, nor any details about the intruder, such as an industry codename or state affiliation, were disclosed.
CISA officials revealed the hack after publishing an in-depth incident response (IR) report detailing the intruder's every step.
The report, which ZDNet analyzed today, reveals how the intruder gained access to the federal agency's internal networks through different channels, such as leveraging compromised credentials for Microsoft Office 365 (O365) accounts, domain administrator accounts, and credentials for the agency's Pulse Secure VPN server.
CISA said the attacker logged into Office 365 accounts to view and download help desk email attachments with "Intranet access" and "VPN passwords" in the subject line. The attacker searched for these files despite already having privileged access to the agency's network, most likely in an attempt to find additional parts of the network to attack.
The attacker also accessed the local Active Directory, where they modified settings and studied the structure of the agency's internal network.
To keep a quick way back into the federal agency's network, the hackers set up an SSH tunnel and a reverse SOCKS proxy, installed custom malware, and connected a hard drive they controlled to the agency's network as a locally mounted remote share.
"The mounted file share allowed the actor to freely move during its operations while leaving fewer artifacts for forensic analysis," CISA analysts said.
Furthermore, the attacker also created their own local account on the network. By analyzing forensic evidence, CISA said the hacker used this account to browse the local network, run PowerShell commands, and gather important files into ZIP archives. CISA said that it couldn't confirm if the attacker exfiltrated the ZIP archives, but this is what most likely happened in the end.
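A defender's correlation check for the staging pattern CISA describes here (a newly created local account running PowerShell to pack files into ZIP archives), written as an added example that is not from CISA's report or ZDNet; the event records are constructed, and the field names are simplified assumptions rather than the exact Windows Security log schema:

```python
"""Correlate constructed Windows Security events: flag a freshly created
account that runs an archiving command shortly after creation."""
from datetime import datetime, timedelta

# Constructed sample events (not from the CISA report). Field names are
# simplified: 4720 = user account created, 4688 = process creation
# (requires command-line auditing to be enabled).
SAMPLE_EVENTS = [
    {"time": "2020-09-01T02:10:00", "id": 4720, "target": "svc_backup2", "subject": "admin01"},
    {"time": "2020-09-01T02:12:30", "id": 4688, "user": "svc_backup2",
     "cmd": "powershell.exe -NoP -w hidden Compress-Archive -Path C:\\Shares\\HR -DestinationPath C:\\Temp\\a.zip"},
    {"time": "2020-09-01T02:15:00", "id": 4688, "user": "svc_backup2",
     "cmd": "powershell.exe Compress-Archive -Path D:\\Finance -DestinationPath C:\\Temp\\b.zip"},
    {"time": "2020-09-01T09:00:00", "id": 4688, "user": "jdoe",
     "cmd": "powershell.exe Compress-Archive -Path C:\\Users\\jdoe\\Documents -DestinationPath C:\\Users\\jdoe\\docs.zip"},
    {"time": "2020-09-03T02:30:00", "id": 4688, "user": "svc_backup2",
     "cmd": "powershell.exe Get-ChildItem C:\\"},
]

# Substrings (lower-cased) that indicate an archive is being built.
ARCHIVE_MARKERS = ("compress-archive", ".zip")


def _ts(value):
    return datetime.fromisoformat(value)


def find_staging_by_new_accounts(events, window_hours=24):
    """Return (account, command) pairs where an account created within the
    event set runs an archiving command within window_hours of creation.
    Existing accounts (jdoe above) and late activity are ignored."""
    created = {e["target"]: _ts(e["time"]) for e in events if e["id"] == 4720}
    hits = []
    for e in events:
        if e["id"] != 4688 or e.get("user") not in created:
            continue
        age = _ts(e["time"]) - created[e["user"]]
        cmd = e["cmd"].lower()
        in_window = timedelta(0) <= age <= timedelta(hours=window_hours)
        if in_window and any(marker in cmd for marker in ARCHIVE_MARKERS):
            hits.append((e["user"], e["cmd"]))
    return hits


if __name__ == "__main__":
    for account, cmd in find_staging_by_new_accounts(SAMPLE_EVENTS):
        print(f"[staging] new account {account!r} ran: {cmd}")
```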
In addition, CISA said the malware the hackers installed on the federal agency's network "was able to overcome the agency's anti-malware protection, and inetinfo.exe [the malware] escaped quarantine."
Nonetheless, investigators said they detected the intrusion via EINSTEIN, CISA's intrusion detection system, which monitors federal civilian networks from a vantage point that compensated for the attacker bypassing local anti-malware solutions.