Last week, the F.B.I. and the Cybersecurity and Infrastructure Security Agency (CISA) reported that state-sponsored Russian hackers succeeded in breaching a number of government networks and have “exfiltrated data from at least two victim servers.”
Admittedly, this whole scenario is a little confusing because these agencies claim that SLTT network members are specifically being targeted. This relates to a government promoted network affiliation called the State, Local, Tribal, and Territorial Government Coordinating Council (SLTTGCC). What this group does is share information and cybersecurity tools. Once becoming a member of this group, agencies or companies can make use of the CIS SecureSuite, which is an array of tools provided by the Center for Internet Security and other government affiliated cybersecurity agencies to keep the members safe from attacks. They also provide advice on how to improve a member’s cybersecurity defenses.
Somewhat surprisingly, it appears that this Russian hacker group has targeted the members of this cybersecurity network. On the surface, this seems suicidal. Why would this hacker group want to hack a network that was designed to identify hackers? From the information given in the report, it looks like they were trying to understand the cybersecurity measures these government-affiliated networks used so that they could later compromise them more easily. In addition, the fact that all of these agencies communicate with each other as well as the intelligence community means that once any of their networks were infiltrated, a hacker could move from one agency to another and gather information as they went.
Here is what these hackers got from one such agency including, (in italics), why and how they would use it
• Sensitive network configurations and passwords.
(Discover network vulnerabilities and identify unpatched bugs. Acquiring passwords would gi ..
Support the originator by clicking the read the rest link below.
