"CISA: Multiple Government Hacking Groups Had 'Long-Term' Access to Defense Company"

Several US agencies have stated that multiple government hacking groups had "long-term" access to a defense company's network. According to a report from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA), some of the hackers exploited Microsoft Exchange vulnerabilities on the unnamed organization's server to gain remote access and compromise legitimate company accounts, which they used to access emails, meetings, and contacts belonging to other employees. CISA stated that the issues were discovered while responding to hacker activity on the defense company's network between November 2021 and January 2022. During its investigation, CISA discovered that multiple Advanced Persistent Threat (APT) groups likely compromised the organization's network, and that some APT actors had long-term access to the environment. The APT actors used an open-source toolkit called Impacket to gain a foothold in the environment and further compromise the network, as well as a custom data exfiltration tool called CovalentStealer to steal the victim's sensitive data. This article continues to discuss the information from the joint advisory on multiple government hacking groups' use of Impacket and CovalentStealer to steal sensitive information from a defense company.

The Record reports "CISA: Multiple Government Hacking Groups Had 'Long-Term' Access to Defense Company"

Submitted by Anonymous on