
CISA broke into a US federal agency, and no one noticed for a full 5 months
2024-07-12 18:01

The US Cybersecurity and Infrastructure Security Agency says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets.

The agency's dedicated red team picks a federal civilian executive branch agency to probe and does so without prior notice - all the while trying to simulate the maneuvers of a long-term hostile nation-state threat group.

"About two weeks after the team obtained access, exploit code was released publicly into a popular open source exploitation framework. CISA identified that the vulnerability was exploited by an unknown third party. CISA added this CVE to its Known Exploited Vulnerabilities Catalog on February 2, 2023."

Since introducing the KEV catalog, CISA has always been cagey about the degree to which federal agencies meet these deadlines, but this case shows they aren't always being met.

SILENTSHIELD assessments are made possible by new-ish powers afforded to CISA by the FY21 National Defense Authorization Act, the same powers that also allow CISA's Federal Attack Surface Testing pentesting program to operate.

After CISA eventually put the agency out of its misery, weekly meetings were held with its security team and sysadmins, which led to "measurable improvements in response times for known techniques and behavior-based detections that uncovered previously unknown tradecraft."


News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/