Hackers Are Targeting US Think Tanks

Think tanks in the United States have been cautioned that they are being actively targeted by advanced persistent threat (APT) actors.

The warning was issued yesterday by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).

CISA and the FBI advised America's think tanks to develop network defense procedures after observing APT actors performing "persistent continued cyber intrusions."

According to the warning, the malicious activity they detected was often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy.

APT actors have used a variety of methods to gain initial access to their victims. Their tactics have included sending spear-phishing emails and exploiting third-party message services directed at both corporate and personal accounts.

Another malicious maneuver observed being utilized by APT actors was the exploitation of vulnerable web-facing devices and remote connection capabilities.

The FBI and CISA said the outbreak of COVID-19 had made it easier for APT actors to claim victims. 

"Increased telework during the COVID-19 pandemic has expanded workforce reliance on remote connectivity, affording malicious actors more opportunities to exploit those connections and to blend in with increased traffic," warned the FBI and CISA.

"Attackers may leverage virtual private networks (VPNs) and other remote work tools to gain initial access or persistence on a victim’s network. When successful, these low-effort, high-reward approaches allow threat actors to steal sensitive information, acquire user credentials, and gain persistent access to victim networks."

CISA and FBI urged individuals and organizations in the international affairs and national security sectors to immediately adopt a heightened state of awareness and implement mitigation strategies.

"All organizations, including think tanks, are targets to nation-states and cybercriminals, and by phishing the human, they view it as the more accessible way into the systems and infrastructure," commented James McQuiggan, security awareness advocate at KnowBe4.

"Organizations need to maintain a strong security awareness training program and update it frequently to keep employees updated on the latest attack patterns and phishing emails.

"This action makes for a more solid security culture and allows the organization to work towards being a more substantial asset for the security department.” 

What’s Hot on Infosecurity Magazine?