Security News > 2020 > December > FBI and Homeland Security warn of APT attacks on US think tanks

They also provided a set of extensive mitigation measures to be immediately implemented by think tank organizations' leaders, staff, and IT staff to strengthen their security posture and defend against ongoing attacks by nation-state hacking groups.
The FBI also issued a 'TLP:WHITE' private industry notification in April 2020 regarding the continued targeting of US think tanks by state-backed APT groups since at least 2014, with the end goal of gaining access to and exfiltrating sensitive information.
"Nation-state APT actors have sought access to US think tank organizations-which employ former US Government personnel who continue to engage with current USG officials on political, domestic, foreign, and economic policies -as a means to collect sensitive USG information, bypassing the need to target USG networks directly," the FBI warned.
Even after successfully removing APTs from the compromised network of a think tank organization, they have been able to "Shortly" re-infiltrate them and resume harvesting and exfiltrating sensitive information until their malicious activity was once again detected and blocked the FBI said.
Previous attacks targeting US think tanks in 2017 and 2018 were reported by Defense One and security researchers at Volexity.
News URL
Related news
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)
- Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- US defense contractor cops to sloppy security, settles after infosec lead blows whistle (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- China names alleged US snoops over Asian Winter Games attacks (source)
- FBI: US lost record $16.6 billion to cybercrime in 2024 (source)
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks (source)