Numerous state-sponsored threat actors were able to compromise and exfiltrate data from a U.S.-based defense industrial base organization between January and November last year, BleepingComputer reports.
Attackers behind the compromise leveraged the CovalentStealer malware in combination with the Impacket open-source toolkit, China Chopper webshells, and the HyperBro remote access trojan, a joint report from the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency showed.
ProxyLogon vulnerabilities were also exploited by the attackers, who were found to have accessed the impacted organization's Exchange server in mid-January 2021. The threat actors accessed the network again in early February, conducted reconnaissance days later, and then exploited the ProxyLogon flaws in early March to deploy China Chopper webshells.
Impacket was then used to begin lateral movement across the network in April. Between July and October last year, the attackers used CovalentStealer to upload files to Microsoft OneDrive.
Meanwhile, a separate CISA report showed that CovalentStealer had code from the ClientUploader utility and PowerShell script Export-MFT and featured data and configuration file encryption and decryption capabilities.
US military contractor infiltrated in long-term data exfiltration operation