Hackers broke into U.S. military contractor, stole sensitive data

Share post:

A joint alert by CISA, the FBI, and the NSA revealed a cyberattack in which spies hid and stole sensitive data from a U.S. contractor’s corporate network for several months.

It remains unknown how the hackers broke into the defense organization’s Microsoft Exchange Server. The warning said that the threat actors spent hours searching mailboxes and using a compromised admin account to query Exchange through its EWS API.

Other malicious activities carried out by the hackers include executing Windows commands to learn more about IT setup and collecting other files in archives using WinRAR, as well as using the Impacket open-source network toolkit to remotely control machines on the network and move laterally.

The attackers then used a custom data exfiltration tool called CovalentStealer to siphon sensitive data, including contract-related information from shared drives.

The attackers’ activities were only discovered after someone realized something was wrong. As part of the investigation conducted by CISA and a “trusted third-party” security firm, officials investigated malicious network activity and discovered that some unnamed crews gained initial access to the organization’s Exchange Server as early as mid-January 2021.

The researchers’ findings showed that the attackers exploited several Microsoft bugs in 2021, including CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, to install 17 China Chopper webshells on the Exchange Server.

The sources for this piece include an article in TheRegister.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways