The Week in Security: CISA alerts on open source tool, SBOMs are just the ‘first step’

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: APT groups targeted a defense industrial base sector organization, why SBOMs are a great “first step,” and more. 

This week’s top story
CISA alert: Open source tool used to steal sensitive data from a Defense Industrial Base sector organization

A new U.S. Cybersecurity and Infrastructure Security Agency (CISA) Alert (AA22-277A) reports that advanced persistent threat (APT) activity was found on the enterprise network of a U.S. Defense Industrial Base (DIB) sector organization. The known activity took place from November 2021 to January 2022 and was tracked by CISA with the help of a trusted third-party organization. CISA asserts that multiple APT groups gained access to this network, some over a long period of time. The Alert also reports that these actors used an open-source toolkit called Impacket to expand their foothold in the network and compromise it.

CISA and the trusted third party carried out this work as an incident response engagement. It found that certain APT groups gained access to the organization’s Microsoft Exchange Server in early 2021. However, how these groups gained access to the network has not yet been determined. Once they had access, the APT groups used a compromised administrator account to access the network’s Exchange Web Services (EWS) Application Programming Interface (API) twice while connected to a VPN.
