APT groups continue to target United States think tanks, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of U.S. think tanks is highly relevant to nation-state attackers that focus on U.S. policy.
Threat actors are using spear-phishing attacks to target individuals and organizations that are involved in international affairs or focus on national security policy.
The attackers also use third-party messaging services to target both corporate and personal accounts of intended victims.
According to the alert, the APT groups also attempted to compromise devices that are exposed to the Internet.
“These have included low-effort capabilities such as spearphishing emails and third-party message services directed at both corporate and personal accounts, as well as exploiting vulnerable web-facing devices and remote connection capabilities,” reads the alert. “Increased telework during the COVID-19 pandemic has expanded workforce reliance on remote connectivity, affording malicious actors more opportunities to exploit those connections and to blend in with increased traffic.”
Attackers leverage virtual private networks (VPNs) and other remote work tools to gain initial access to a target’s network and achieve persistence. Once they had gained persistent access to a network, the attackers used the tools to steal sensitive information and gather user credentials.
“Given the importance that think tanks can have in shaping U.S. policy, CISA and FBI urge individuals and organizations in the international affairs and national security sectors to immediately adopt a heightened state of awareness,” the advisory reads.
The advisory provides technical details about the attacks aimed at U.S. think tanks and also includes mitigations for leaders, users/staff, and IT staff/cybersecurity personnel.
(SecurityAffairs – hacking, malware)