CISA broke into US federal agency, wasn't spotted for months
The Register
Summary
A red team assessment by the US Cybersecurity and Infrastructure Security Agency (CISA) at an unnamed federal civilian agency exposed serious defensive gaps: the team operated inside the agency's networks for about five months without being detected. The exercise, emulating a nation-state adversary, began with the exploitation of an unpatched Oracle vulnerability (CVE-2022-21587) exposed in the agency's Solaris enclave, which gave the team a foothold from which it compromised the enclave. CISA notified the agency of the vulnerability at the outset, yet the agency took more than two weeks to apply the patch, and a public exploit for the flaw was released during that window. The team then expanded into the agency's Windows environment through phishing and attacks on weak passwords, ultimately obtaining access to privileged systems and accounts. The assessment found that the agency's detection capabilities were inadequate, that logs were not collected or reviewed in a way that would have surfaced the intrusion, and that defenders relied too heavily on matching known indicators of compromise (IoCs) rather than detecting anomalous behaviour. The exercise underscored the need for defence-in-depth, behaviour-based detection, and strict adherence to patching deadlines for known exploited vulnerabilities.