posted by martyb on Saturday September 26 2020, @01:27PM   Printer-friendly
from the who-is-next? dept.

Feds Hit with Successful Cyberattack, Data Stolen:

A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Thursday, not naming the agency but providing technical details of the attack. Hackers, it said, gained initial access by using employees' legitimate Microsoft Office 365 log-in credentials to sign onto an agency computer remotely.

"The cyber-threat actor had valid access credentials for multiple users' Microsoft Office 365 (O365) accounts and domain administrator accounts," according to CISA. "First, the threat actor logged into a user's O365 account from Internet Protocol (IP) address 91.219.236[.]166 and then browsed pages on a SharePoint site and downloaded a file. The cyber-threat actor connected multiple times by Transmission Control Protocol (TCP) from IP address 185.86.151[.]223 to the victim organization's virtual private network (VPN) server."

As for how the attackers managed to get their hands on the credentials in the first place, CISA's investigation turned up no definitive answer – however, it speculated that it could have been a result of a vulnerability exploit that it said has been rampant across government networks.

"It is possible the cyber-actor obtained the credentials from an unpatched agency VPN server by exploiting a known vulnerability—CVE-2019-11510—in Pulse Secure," according to the alert. "CVE-2019-11510...allows the remote, unauthenticated retrieval of files, including passwords. CISA has observed wide exploitation of CVE-2019-11510 across the federal government."

Check out the rest of the story for additional details on the attack.
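For defenders who want to check their own sign-in and VPN logs against the two addresses quoted from the alert, the following is an added example, not code from CISA or the linked story. The log format, the `user=` field name and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Indicators as printed in the CISA alert quoted above (defanged with "[.]").
ALERT_IOCS = {
    "91.219.236[.]166": "O365 login, SharePoint browsing, file download",
    "185.86.151[.]223": "repeated TCP connections to the VPN server",
}

def refang(indicator):
    """Convert a defanged indicator (1.2.3[.]4) into an ip_address object."""
    return ipaddress.ip_address(indicator.replace("[.]", "."))

IOC_IPS = {refang(text): note for text, note in ALERT_IOCS.items()}

# A dotted quad with no digit or dot on either side, so 191.219.236.166
# and 91.219.236.1660 are never mistaken for an indicator.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
USER_FIELD = re.compile(r"\buser=(\S+)")  # assumed log field name

def scan(lines):
    """Return (line number, indicator IP, user or None) for each match."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        user = USER_FIELD.search(line)
        for token in IPV4_TOKEN.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:  # not a valid address, e.g. 999.1.1.1
                continue
            if ip in IOC_IPS:
                hits.append((lineno, str(ip), user.group(1) if user else None))
    return hits

def affected_accounts(hits):
    """Accounts seen on log lines that contain an indicator address."""
    return sorted({user for _, _, user in hits if user})

# Constructed sample log lines (format, names and timestamps are invented).
SAMPLE_LOGS = [
    "T1 o365 signin user=alice@agency.example src=91.219.236.166 result=ok",
    "T2 o365 signin user=bob@agency.example src=191.219.236.166 result=ok",
    "T3 vpn tcp-connect user=svc-admin src=185.86.151.223:51234",
    "T4 vpn tcp-connect user=carol src=198.51.100.7:40000",
]

if __name__ == "__main__":
    for lineno, ip, user in scan(SAMPLE_LOGS):
        print(f"line {lineno}: {user} from {ip} ({IOC_IPS[ipaddress.ip_address(ip)]})")
```

Matching on parsed addresses rather than substrings is what keeps the second sample line, which differs from the indicator by one leading digit, out of the results.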

  • (Score: 1) by MIRV888 on Saturday September 26 2020, @03:21PM (2 children)

    by MIRV888 (11376) on Saturday September 26 2020, @03:21PM (#1057279)

    The Chinese J31 appears to be almost a direct rip off of the F22. That's either incredibly coincidental design, or not.

  • (Score: 0) by Anonymous Coward on Saturday September 26 2020, @05:06PM (1 child)

    by Anonymous Coward on Saturday September 26 2020, @05:06PM (#1057313)

    The Chinese J31 appears to be almost a direct rip off of the F22.

    With so many copies it is easy to get them all mixed up. Supposedly the J-20 is a ripoff of the F-22, while the J-31 is a ripoff of the F-35.

    The original design schematics for both of them were obtained by a Chinese national through industrial espionage. [popularmechanics.com]

    • (Score: 0) by Anonymous Coward on Sunday September 27 2020, @05:01PM

      by Anonymous Coward on Sunday September 27 2020, @05:01PM (#1057680)

      That's because this is part of a supranational operation to bring about the NWO. Using national hostilities to build up a global military force for global control of the slaves.