The CISA and FBI announced that a federal agency, which they are keeping anonymous for now, was hacked by the Iranian government.
At the beginning of December last year, the Cybersecurity and Infrastructure Security Agency (CISA), which was formed in 2018 as a sub-agency of the Department of Homeland Security (DHS), identified a serious software error being used across federal agency networks. The CISA issued an urgent notice about the potential security risk and instructed all agencies to fix the computer bug by December 23rd of last year and also to report the completion of this fix, or “patch,” to the CISA five days later.
Although the affected agency was not identified by the CISA or FBI, which are working in tandem on this cybersecurity incident, the agencies released a notice last week that at least one federal agency failed to repair the software flaw mentioned above. In April of 2022, the CISA became aware that this agency had been hacked by persons linked to the Iranian government. These hackers successfully infiltrated the agency’s network after the software fix was supposed to be completed – sometime between February and March of 2022. Then, later in the summer, “suspected threat activity” was observed by the CISA.
The bad actors had compromised user credentials, installed cryptocurrency mining software, and even created a rogue administration account. The only information given about which agency had been digitally attacked was that it was an “unnamed federal civilian executive branch organization.” Also in last week’s announcement from the CISA and FBI, it was explained that if other agencies had failed to complete the software fix back in December, they should consider their systems compromised already. The software flaw that was exploited by Iran is known as an “unpatched Log4Shell vulnerability.”