Federal agency compromised leveraging compromised credentials


CISA did not reveal the name of the targeted Federal agency.


In cybersecurity, access to credentials alone can give an attacker the means to do a range of harmful things. A recent report revealed that 15 billion credentials from 100,000 data breaches are being sold on the dark web.


One such case was recently reported by the Cybersecurity and Infrastructure Security Agency (CISA). The report sheds light on how attackers managed to penetrate a federal agency’s computer network by gaining access to Microsoft Office 365 login credentials and domain administrator accounts.


How they did so remains unknown, although there is speculation that CVE-2019-11510, a vulnerability found in Pulse Secure, may have been exploited, as it has been in numerous previous attacks on federal agencies. A patch is available for it, but the VPN servers may not have been updated yet.

Long story short, this allowed the attackers to download emails containing “Intranet access” and “VPN passwords” in the subject line, change a registry key, and enumerate the account directory, the group policy key, and the entire compromised network and system using Microsoft command-line commands such as ping and netstat.


Yet this was only the surface. A range of other things was also done, one of which is explained by the researchers in th ..
