An unnamed U.S. federal agency was hit with a cyber-attack after a hacker used valid access credentials, authorities said on Thursday.
While many details of the hack weren’t revealed, federal authorities did divulge that the hacker was able to browse directories, copy at least one file and exfiltrate data, according to the Cybersecurity & Infrastructure Security Agency, known as CISA.
The hacker gained access to the network by using valid access credentials for multiple users’ Microsoft 365 accounts and domain administrator accounts, and implanted malware that evaded the agency’s protection system, according to authorities.
Investigators weren’t able to determine how the hacker initially obtained the credentials. But the agency said the hacker might have obtained them by exploiting a known vulnerability in Pulse Secure virtual private network servers.
The network breach wasn’t related to the upcoming U.S. election, according to a Department of Homeland Security official. CISA is part of the department.
CISA released technical details about the breach but didn’t provide any information about what data was stolen or whether a rival nation-state carried out the hack. The U.S. government occasionally makes such “technical indicators” public so that companies or other governments can check to see if their systems are under attack.
CISA became aware of the breach via an intrusion detection system that monitors federal civilian agencies.