Cryptography is hard. And cryptographic blunders can be hard to spot. This one was there for years… I posted the CISA warning last Saturday, but if you missed it, this is a CRITICAL vulnerability.
The crooks wanted $15,000,000. They didn’t get it. Huzzah!
Original release date: September 24, 2020
This is a very good, very detailed analysis describing what went wrong at this agency. It could be happening to your organization, too, so take a look.
This Analysis Report uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques.
The Cybersecurity and Infrastructure Security Agency (CISA) responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.