Federal Agency Compromised by Malicious Cyber Actor

Original release date: September 24, 2020CISA became aware—via EINSTEIN, CISA’s intrusion detection system that monitors federal civilian networks—of a potential compromise of a federal agency’s network. In coordination with the affected agency, CISA conducted an incident response engagement, confirming malicious activity. The following information is derived exclusively from the incident response engagement and provides the threat actor’s tactics, techniques, and procedures as well as indicators of compromise that CISA observed as part of the engagement. Threat Actor Activity The cyber...