US federal agencies hacked using legitimate remote desktop tools

Variety
2023-01-26 | 09:05

The US government’s cybersecurity agency has warned that financially motivated criminal hackers compromised federal agencies using legitimate remote desktop software.

CISA said in a joint advisory with the National Security Agency on Wednesday that it had identified a “widespread cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software” that had targeted multiple federal civilian executive branch agencies — known as FCEBs — a list that includes Homeland Security, the Treasury, and the Justice Department.

CISA said it first identified suspected malicious activity on two FCEB systems in October while conducting a retrospective analysis using Einstein, a government-operated intrusion detection system used for protecting federal civilian agency networks. Further analysis led to the conclusion that many other government networks were also affected.

CISA linked this activity to a financially motivated phishing campaign first uncovered by threat intelligence firm Silent Push. But CISA did not name the affected FCEB agencies — and did not respond to TechCrunch’s questions.

The unnamed attackers behind this campaign began sending help desk-themed phishing emails to federal employees’ government and personal email addresses in mid-June 2022, according to CISA. These emails either contained a link to a “first-stage” malicious site that impersonated high-profile companies, including Microsoft and Amazon, or prompted the victim to call the hackers, who then tried to trick the employees into visiting the malicious domain.

These phishing emails led to the download of legitimate remote access software — ScreenConnect (now ConnectWise Control) and AnyDesk — which the unnamed hackers used as part of a refund scam to steal money from victims’ bank accounts. These self-hosted remote access tools can allow IT administrators near-instant access to an employee’s computer with minimal interaction from the user, but they have been abused by cybercriminals to launch convincing-looking scams.

In this case, according to CISA, the cybercriminals used the remote access software to trick the employee into accessing their bank account. The hackers used their remote access to modify the recipient’s bank account summary. “The attackers used the remote access software to change the victim’s bank account summary information to show that they mistakenly refunded an excess amount of money, then instructed the victim to ‘refund’ this excess amount,” CISA said.

CISA warns that the attackers could also use legitimate remote access software as a backdoor for maintaining persistent access to government networks. “Although this specific activity appears to be financially motivated and targets individuals, the access could lead to additional malicious activity against the recipient’s organization — from both other cybercriminals and APT actors,” the advisory said.

TechCrunch
