Sign In

Communications of the ACM

ACM TechNews

Hacker Accessed Network of U.S. Agency, Downloaded Data


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A CISA logo.

The U.S. Cybersecurity & Infrastructure Security Agency says a hacker accessed the network of an unnamed federal agency.

Credit: Cybersecurity & Infrastructure Security Agency

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) on Thursday disclosed that an unnamed federal agency had been the victim of a cyberattack in which a hacker accessed its network.

The intruder implanted malware that avoided the agency's safeguards, and infiltrated the network by using valid access credentials for multiple users' Microsoft 365 and domain administrator accounts.

CISA said the hacker was able to browse directories, copy at least one file, and exfiltrate data.

The agency added that the hacker may have acquired the credentials by exploiting a known flaw in Pulse Secure virtual private network servers.

CISA learned of the attack through an intrusion detection system that monitors federal civilian agencies.

From Bloomberg
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found