FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization
U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base Sector organization's enterprise network" as part of a cyber espionage campaign.
"[APT] actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities said.
The joint advisory, which was authored by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, said the adversaries likely had long-term access to the compromised environment.
It did not attribute the intrusion to a known threat actor or group.
The initial infection vector used to breach the network is also unknown, although some of the APT actors are said to have established a digital beachhead on the target's Microsoft Exchange Server as early as mid-January 2021.
A month later, the APT actors exploited ProxyLogon flaws in Microsoft Exchange Server to install 17 China Chopper web shells and HyperBro, a backdoor exclusively used by a Chinese threat group called Lucky Mouse.
News URL
https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html