An unnamed U.S. federal agency was hit with a cyber-attack after a hacker used valid access credentials, authorities said on Thursday.

While many details of the hack weren’t revealed, federal authorities did divulge that the hacker was able to browse directories, copy at least one file and exfiltrate data, according to the Cybersecurity & Infrastructure Security Agency, known as CISA.

The hacker implanted malware that evaded the agency’s protection system and was able to gain access to the network by using valid access credentials for multiple users’ Microsoft 365 accounts and domain administrator accounts, according to authorities.

Source: Hacker Accessed Network of U.S. Agency and Downloaded Data


Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up!

Download a Security Risk Assessment Steps paper!

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet