SafeBreach Hacker's Playbook Coverage for US-CERT Alert AR20-268A Federal Agency Compromised by Malicious Actor
The SafeBreach Hacker's Playbook™ already covers the attack methods described in US-CERT (AR20-268A) Federal Agency Compromised by Malicious Actor. The report notes that, by leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.
The new attack methods for US-CERT AA20-268A are already in the SafeBreach Hacker’s Playbook and ready to be run across your simulators. The Known Attack Series report is being updated so you can run the specific attacks from this US-CERT alert. From the Known Attack Series report, select the US-CERT Alert AA20-268A report, then select Run Simulations, which will run all the attack methods.