Sign In

Communications of the ACM

ACM TechNews

Hacker Accessed Network of U.S. Agency, Downloaded Data

View as: Print Mobile App Share:
A CISA logo.

The U.S. Cybersecurity & Infrastructure Security Agency says a hacker accessed the network of an unnamed federal agency.

Credit: Cybersecurity & Infrastructure Security Agency

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) on Thursday disclosed that an unnamed federal agency had been the victim of a cyberattack in which a hacker accessed its network.

The intruder implanted malware that avoided the agency's safeguards, and infiltrated the network by using valid access credentials for multiple users' Microsoft 365 and domain administrator accounts.

CISA said the hacker was able to browse directories, copy at least one file, and exfiltrate data.

The agency added that the hacker may have acquired the credentials by exploiting a known flaw in Pulse Secure virtual private network servers.

CISA learned of the attack through an intrusion detection system that monitors federal civilian agencies.

From Bloomberg
View Full Article


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


No entries found