Threat Management, Email security, Vulnerability Management

CISA red team operation evades detection

A three-month red team operation conducted by the Cybersecurity and Infrastructure Security Agency against a major critical infrastructure organization last year went undetected by that organization, reports The Record, a news site by cybersecurity firm Recorded Future. After successful spear-phishing attacks against the organization's employees, including those with administrative access, federal government hackers were able to obtain persistent network access and move laterally across the organization's different sites before securing access to systems adjacent to its sensitive business systems (SBSs), according to CISA. Even though the organization did not identify the malicious activity, its multi-factor authentication implementation averted infiltration of the SBSs. The tactics, techniques, and procedures leveraged by the CISA Red Team are detailed in the advisory, which also offers recommendations for hardening network security. "Our recommendations provided to the assessed organizations are applicable to help other entities assess and improve their cybersecurity. We encourage all organizations to read this latest advisory and implement the recommendations therein," said a CISA spokesperson.
