3 December 2020

CISA and FBI warn of cyber attacks against U.S. think tanks



The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning think tanks in the United States of ongoing attacks by advanced persistent threat (APT) actors that are often, but not exclusively, aimed at individuals and organizations that focus on international affairs or national security policy.

According to the alert, threat actors use a variety of techniques to gain initial access to target networks, including spear phishing and third-party message services directed at both corporate and personal accounts, as well as exploitation of vulnerable web-facing devices and remote connection capabilities.

The two agencies also said that the COVID-19 pandemic gave hackers more ways to claim victims.

“Increased telework during the COVID-19 pandemic has expanded workforce reliance on remote connectivity, affording malicious actors more opportunities to exploit those connections and to blend in with increased traffic. Attackers may leverage virtual private networks (VPNs) and other remote work tools to gain initial access or persistence on a victim’s network. When successful, these low-effort, high-reward approaches allow threat actors to steal sensitive information, acquire user credentials, and gain persistent access to victim networks,” the advisory explains.

For this reason, the FBI and CISA are advising individuals and organizations in the international affairs and national security sectors to implement network defense procedures to prevent or rapidly detect these attacks. The two agencies also provided technical details about the tactics, techniques, and procedures (TTPs) employed by APT actors to compromise think tanks, as well as mitigations for leaders, users/staff, and IT staff/cybersecurity personnel.

