Recently, a warning has been issued by America’s CISA (Cybersecurity and Infrastructure Security Agency) after a malicious cyber-actor compromised a US federal agency.
The attacker utilized valid log-in credentials for many users’ Microsoft Office 365 accounts as well as domain administrator accounts to get access to the agency’s enterprise network. Once inside, these bad actor infected the network using sophisticated malware.
By leveraging compromised credentials, the threat actor implanted sophisticated malware—encompassing multi-stage malware that escaped the affected agency’s anti-malware protection—gaining persistent access through two reverse Socket Secure (SOCKS) proxies that efficiently exploited weaknesses in the agency’s firewall.
Read More: infosecurity