State-sponsored advanced persistent threats (APTs) are becoming more emboldened in their cyber attacks. With significant resources at their disposal, including funding, advanced technology, and access to skilled personnel, state-sponsored APTs are strategically motivated and free to act with impunity. APTs pose significant risk to individuals, governments, and private businesses alike – time is on their side, not yours.
Federal agencies are attractive strategic targets for APTs and are particularly vulnerable because they present:
High-Value Targets: Federal agencies are rich in high-value assets, often possessing sensitive information, including classified data, critical infrastructure systems, and vast amounts of personally identifiable information (PII) of US citizens.
Complexity and Scale: Federal agencies typically have large and complex IT infrastructures, often spanning multiple departments and locations, presenting challenges in managing and securing such sprawling networks, especially when legacy systems and remote workforce assets are involved.
Supply Chain Risk: Federal agencies rely on a vast ecosystem of contractors, vendors, and third-party service providers, which introduces additional attack surface in third-party systems that APTs can exploit to achieve their strategic objectives.
Successful cyber attacks executed by APTs often have tremendous impact on the organizations they compromise and threaten national security. The repercussions can be far-reaching, including the compromise of sensitive information, disruption of operations, damage to critical infrastructure, loss of public trust, and the potential escalation of diplomatic tensions.
Given these risks and repercussions, Federal agencies should be keenly focused on APTs sponsored by China, Russia, Iran, and North Korea, as these states maintain geopolitical ideologies contrary to those of the US and its allies. Notably, the Russian APT Midnight Blizzard (also known as APT29, the Dukes, or Cozy Bear) has been particularly active recently, including its high-profile compromise of the US-based technology giant Microsoft, which created significant risk exposure for many US Federal agencies.
Earlier this year, Microsoft announced that its corporate email accounts had been breached by Midnight Blizzard. Using a “low-and-slow” password spray attack, Midnight Blizzard initially breached one of Microsoft’s development environments by compromising an account that lacked Multi-Factor Authentication (MFA). Midnight Blizzard then moved laterally into Microsoft’s primary corporate production environment by abusing OAuth application functionality. As a result, they gained unrestricted access to Microsoft’s corporate mailboxes, exposing potentially large volumes of email exchanged with Microsoft’s Federal clientele, some of which could contain sensitive data pertaining to critical Federal assets.
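The “low-and-slow” spray described above is built to stay under per-account lockout thresholds, so detection has to pivot on the source rather than the account. The following is an added illustration, not code from the original post or from Microsoft or Edgewater: it runs a simple spray heuristic over constructed sign-in events (a source that fails against many distinct accounts with very few tries each inside a window) and reports any account the same source later signed into without MFA. Field names and thresholds are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data). One source makes a single
# failed guess per account, hours apart, so per-account lockout thresholds never
# trip; the final event from that source is a success against an account without MFA.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T01:00", "user": "alice", "src": "203.0.113.7", "ok": False, "mfa": True},
    {"ts": "2024-01-10T04:00", "user": "bob",   "src": "203.0.113.7", "ok": False, "mfa": True},
    {"ts": "2024-01-10T07:00", "user": "carol", "src": "203.0.113.7", "ok": False, "mfa": True},
    {"ts": "2024-01-10T10:00", "user": "dave",  "src": "203.0.113.7", "ok": False, "mfa": False},
    {"ts": "2024-01-10T13:00", "user": "erin",  "src": "203.0.113.7", "ok": False, "mfa": True},
    {"ts": "2024-01-10T16:00", "user": "dave",  "src": "203.0.113.7", "ok": True,  "mfa": False},
    # Benign noise: one user mistyping their own password a few times, then succeeding.
    {"ts": "2024-01-10T09:00", "user": "frank", "src": "198.51.100.2", "ok": False, "mfa": True},
    {"ts": "2024-01-10T09:01", "user": "frank", "src": "198.51.100.2", "ok": False, "mfa": True},
    {"ts": "2024-01-10T09:02", "user": "frank", "src": "198.51.100.2", "ok": True,  "mfa": True},
]

def detect_password_spray(events, window=timedelta(hours=24),
                          min_accounts=5, max_per_account=2):
    """Flag sources whose failures touch many distinct accounts with few tries each.

    Returns {src: {"accounts": [...], "no_mfa_success": [...]}}, where
    no_mfa_success lists accounts the source later signed into without MFA.
    Thresholds are assumed values; tune them to the tenant's baseline.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if not e["ok"]]
        # Sliding window over failures: count distinct accounts and tries per account.
        for i, start in enumerate(fails):
            in_win = [f for f in fails[i:] if f["ts"] - start["ts"] <= window]
            tries = defaultdict(int)
            for f in in_win:
                tries[f["user"]] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                hits = [e["user"] for e in evs
                        if e["ok"] and not e["mfa"] and e["user"] in tries]
                findings[src] = {"accounts": sorted(tries),
                                 "no_mfa_success": sorted(set(hits))}
                break
    return findings
```

On the sample data the spraying source is flagged and the benign self-lockout is not; in practice the "no_mfa_success" list is the triage priority, since those are the accounts that allowed the initial foothold in the incident described.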
State-sponsored APTs like Midnight Blizzard are a serious threat to Federal agencies and must be addressed urgently. At Edgewater, our team of cyber experts has direct, recent experience discovering and mitigating APTs for our customers, and stands ready to conduct proactive, adaptable, and hypothesis-driven threat hunting missions at a moment’s notice. Connect with us to learn more about our capabilities and how we secure the missions of our Federal agency customers.