Thursday, January 21, 22:48

CISA: Hacker invades US federal service!

CISA announced yesterday that a hacker had gained access to, and decoded data from, a U.S. federal agency. The name of the federal agency where the breach occurred, the date of the attack, and any details about the hacker are not currently known.

CISA officials revealed the breach by publishing a detailed incident response (IR) report describing every step the hacker took. The report, analyzed by ZDNet, reveals how the hacker managed to gain access to the internal networks of the federal agency by using compromised credentials for Microsoft Office 365 accounts, domain administrator accounts, and the agency's Pulse Secure VPN server.


According to CISA, the hacker logged into Office 365 accounts to view and download help desk e-mail attachments with “Intranet Access” and “VPN passwords” in the subject line. The hacker searched these files even though he had already gained privileged access to the agency's network, most likely to find other parts of the network that he could attack.

The hacker also had access to the local Active Directory, where he modified settings and studied the structure of the agency's internal network. In addition, the hacker set up an SSH tunnel and a reverse SOCKS proxy, installed customized malware, and connected a hard drive that he controlled to the agency's network.


According to CISA analysts, the hacker was able to move freely during his "operation", leaving less evidence for forensic analysis. In addition, the hacker created his own local account on the network. Analyzing the forensic evidence, CISA noted that the hacker used this account to browse the local network, execute PowerShell commands, and gather important files into ZIP files. However, CISA noted that it could not confirm whether the hacker removed the ZIP files, although he probably did in the end. CISA also reported that the malware (inetinfo.exe) installed by the hacker on the agency's network could bypass the agency's anti-malware protection.

However, the researchers said they had detected the intrusion through EINSTEIN, CISA's intrusion detection system that monitors federal civilian networks, and were therefore able to compensate for the hacker having bypassed the agency's anti-malware protection.

