CISA reports that a threat actor compromised the network of a federal agency, created a reverse proxy, and installed malware. The attack relied on compromised credentials for initial access and resulted in multi-stage malware being installed on the affected agency’s systems without triggering in-place anti-malware protections. CISA speculates that the perpetrator may have obtained the necessary credentials using a known vulnerability in Pulse Secure VPN software, which should have been patched in April 2019. The actor achieved persistent access through an SSH tunnel/reverse SOCKS proxy and executed unique, multi-stage malware to drop files.
CISA Says Threat Actor Breached Federal Agency’s Network
