The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are warning that a cyberthreat actor launched a spearphishing attack against government agencies, nongovernmental organizations (NGO) and intergovernmental organizations (IGO).
The threat actor used a compromised user account from email marketing software company Constant Contact to transmit phishing emails that seemed to originate from a U.S. government agency to over 7,000 accounts across about 350 agencies, NGOs and IGOs, the agencies said Friday.
“The emails contained a legitimate Constant Contact link that redirected to a malicious URL, from which a malicious ISO file was dropped onto the victim’s machine,” the advisory reads.
The ISO file contained the malicious Cobalt Strike Beacon implant “that calls back to attacker-controlled infrastructure and checks for additional commands to execute on the compromised system,” the document states.
CISA and the bureau called on critical infrastructure owners and operators to implement multifactor authentication, update all software, field endpoint and detection response tools, apply centralized log management for host monitoring and deploy signatures to block or detect inbound connections from Cobalt Strike servers and other post-exploitation tools, among other mitigation measures.