U.S. Department of the Treasury

Companies suffered as a result of hacking attacks against US federal entities; the affected departments included the US Department of Homeland Security, the Department of Commerce, and the Department of the Treasury.

Early this year, according to an advisory from the FBI and CISA, Iranian government-sponsored hackers gained access to the network of an unnamed US federal agency, exploited the Log4Shell vulnerability to install crypto miners, and used stolen passwords.

According to the advisory, "Cyber threat actors advanced to the domain controller (DC), compromised credentials, implanted Ngrok reverse proxies on multiple hosts to maintain persistence, and then exploited the Log4Shell vulnerability in an unpatched VMware Horizon server to install XMRig crypto mining software."

Source: https://purplesec.us/security-insights/iranian-apt-hacks-us-federal-network/

TPRM report: https://scoringcyber.rankiteo.com/company/us-treasury

"id": "usd13361222",
"linkid": "us-treasury",
"type": "Cyber Attack",
"date": "12/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Government',
                        'location': 'United States',
                        'name': ['US Department of Homeland Security',
                                 'Department of Commerce',
                                 'Department of the Treasury'],
                        'type': 'Government'}],
 'attack_vector': ['Log4Shell vulnerability',
                   'Stolen passwords',
                   'Ngrok reverse proxies'],
 'description': 'Companies suffered as a result of hacking attacks against US '
                'federal entities, affected departments included the US '
                'Department of Homeland Security, the Department of Commerce, '
                'and the Department of the Treasury. Early this year, Iranian '
                'government-sponsored hackers, including the FBI and CISA, '
                'gained access to a network of an unnamed US federal agency '
                'and used the Log4Shell vulnerability to install crypto miners '
                "and use stolen passwords. According to the advisory, 'Cyber "
                'threat actors advanced to the domain controller (DC), '
                'compromised credentials, implanted Ngrok reverse proxies on '
                'multiple hosts to maintain persistence, and then exploited '
                'the Log4Shell vulnerability in an unpatched VMware Horizon '
                "server to install XMRig crypto mining software.'",
 'impact': {'systems_affected': ['Domain controller (DC)',
                                 'Multiple hosts',
                                 'VMware Horizon server']},
 'initial_access_broker': {'backdoors_established': 'Ngrok reverse proxies',
                           'entry_point': 'Log4Shell vulnerability',
                           'high_value_targets': ['Domain controller (DC)',
                                                  'VMware Horizon server']},
 'motivation': 'Cryptocurrency mining',
 'post_incident_analysis': {'root_causes': 'Unpatched VMware Horizon server'},
 'response': {'third_party_assistance': ['FBI', 'CISA']},
 'threat_actor': 'Iranian government-sponsored hackers',
 'title': 'Hacking Attacks Against US Federal Entities',
 'type': 'Hacking',
 'vulnerability_exploited': 'Log4Shell vulnerability in an unpatched VMware '
                            'Horizon server'}