Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint Cyber Defense Collaborative that addresses the threat to these vulnerable groups, with findings contributed by the X-Force Threat Intelligence team.
Cyber criminals seek stolen credentials
The HRCP report highlights the significant threat from stolen credentials for these groups—a theme that also plays a key role in the 2024 X-Force Threat Intelligence Index—as the threat from malicious actors stealing and using valid credentials for initial access into networks of interest surged throughout 2023. This threat underscores the necessity of implementing multifactor authentication to protect vulnerable accounts from hacking or takeover.
Credential-based attacks and threats to user identities are far from new, but their effectiveness positions them as a preferred tactic of choice for cyber criminals and state-sponsored actors alike. In fact, in 2020 and 2021, X-Force published details of ITG18 operations (overlaps with Charming Kitten, Phosphorous and TA453) against individuals that leaned on the exploitation of identity. Among other techniques, ITG18 threat actors would validate stolen credentials by copying and pasting stolen victim usernames and passwords into a wide variety of websites, highlighting some of the painstaking techniques used to target members of civil society.
threat intelligence protect vulnerable communities
