Companies suffered as a result of hacking attacks against US federal entities. Affected departments included the US Department of Homeland Security, the Department of Commerce, and the Department of the Treasury.
Early this year, according to the FBI and CISA, Iranian government-sponsored hackers gained access to a network of an unnamed US federal agency and used the Log4Shell vulnerability to install crypto miners and use stolen passwords.
According to the advisory, "Cyber threat actors advanced to the domain controller (DC), compromised credentials, implanted Ngrok reverse proxies on multiple hosts to maintain persistence, and then exploited the Log4Shell vulnerability in an unpatched VMware Horizon server to install XMRig crypto mining software."
Source: https://purplesec.us/security-insights/iranian-apt-hacks-us-federal-network/
TPRM report: https://scoringcyber.rankiteo.com/company/u-s-department-of-commerce
"id": "usd142471222",
"linkid": "u-s-department-of-commerce",
"type": "Vulnerability",
"date": "12/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Government',
                        'location': 'United States',
                        'name': ['US Department of Homeland Security',
                                 'Department of Commerce',
                                 'Department of the Treasury'],
                        'type': 'Federal Agency'}],
 'attack_vector': ['Log4Shell vulnerability', 'Compromised credentials'],
 'data_breach': {'type_of_data_compromised': 'Credentials'},
 'description': 'Iranian government-sponsored hackers gained access to a '
                'network of an unnamed US federal agency and used the '
                'Log4Shell vulnerability to install crypto miners and use '
                'stolen passwords.',
 'impact': {'data_compromised': 'Stolen passwords',
            'systems_affected': ['Network',
                                 'Domain controller',
                                 'VMware Horizon server']},
 'motivation': 'Crypto mining, credential theft',
 'response': {'law_enforcement_notified': 'FBI and CISA'},
 'threat_actor': 'Iranian government-sponsored hackers',
 'title': 'Hacking Attacks Against US Federal Entities',
 'type': 'Cyber Attack',
 'vulnerability_exploited': 'Log4Shell vulnerability'}