The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning think tanks in the United States of ongoing attacks by advanced persistent threat (APT) actors that are often, but not exclusively, aimed at individuals and organizations that focus on international affairs or national security policy.
According to the alert, threat actors use a variety of techniques to gain initial access to target networks, including spear phishing and third-party message services directed at both corporate and personal accounts, as well as exploitation of vulnerable web-facing devices and remote connection capabilities.
The two agencies also said that the COVID-19 pandemic gave hackers more ways to claim victims.
“Increased telework during the COVID-19 pandemic has expanded workforce reliance on remote connectivity, affording malicious actors more opportunities to exploit those connections and to blend in with increased traffic. Attackers may leverage virtual private networks (VPNs) and other remote work tools to gain initial access or persistence on a victim’s network. When successful, these low-effort, high-reward approaches allow threat actors to steal sensitive information, acquire user credentials, and gain persistent access to victim networks,” the advisory explains.
For this reason, the FBI and CISA are advising individuals and organizations in the international affairs and national security sectors to implement network defense procedures to prevent or rapidly detect these attacks. The two agencies also provided technical details about tactics, techniques, and procedures (TTPs) employed by APT actors to compromise think tanks, as well as mitigations for leaders, users/staff, and IT staff/cybersecurity personnel.