According to CISA, an agency of the U.S. Federal Civilian Executive Branch (FCEB) was compromised by an Iranian government-sponsored APT (Advanced Persistent Threat) group. CISA did not name the agency. The FCEB covers the cabinet-level departments, such as State, Energy, and Treasury, together with the other non-military executive agencies, such as the Social Security Administration. The attackers gained initial access by exploiting the Log4Shell vulnerability (CVE-2021-44228) on an unpatched VMware Horizon server, then moved laterally through the network to the domain controller and harvested credentials. They also deployed Ngrok reverse proxies to maintain persistence and installed the XMRig cryptocurrency miner.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security