The U.S. Cybersecurity Infrastructure and Security Agency discovered a potential cyberattack on the U.S. Federal network, in which attackers have taken control of the organization's DC and used cryptominers and credential harvesters.
The attack, according to CISA, was started by hackers supported by the Iranian government who installed the XMRig crypto mining software, moved laterally to the domain controller (DC), stole passwords, and then placed Ngrok reverse proxies on a number of sites to ensure persistence.
With the aid of EINSTEIN, an intrusion detection system deployed across the FCEB, CISA conducts a routine investigation and suspected harmful APT activity on the FCEB network (IDS).
Source: https://cybersecuritynews.com/u-s-federal-network-hacked/
"id": "UNI1045221122",
"linkid": "united-states-federal-government",
"type": "Cyber Attack",
"date": "11/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"