The unnamed U.S. federal agency was hit by a cyber-attack after the hacker used valid access credentials, officials said Thursday.
According to the Cybersecurity & Infrastructure Security Agency, known as CISA, although many details of the hack have not been revealed, federal officials have revealed that hackers can browse directories, copy at least one file, and erase data.
According to officials, the hacker escaped the agency’s security system and was able to gain access to the network by using valid access credentials for multiple users of Microsoft 365 accounts and domain administrator accounts.
Initially, researchers could not figure out how the hacker got the clues. But the agency said the hacker was likely to get them by exploiting them Known vulnerability Pulse on secure virtual private network servers.
The CISA released technical details about the breach, but did not provide any information on whether any data had been stolen or hacked by the rival nation state. The U.S. government occasionally discloses such “technical indicators” so that companies or other governments can check whether their own systems are under attack.
The CISA learned of the breach through an intrusion detection system that monitors federal civic bodies.