State-sponsored advanced persistent threats (APTs) are becoming more emboldened in their cyber attacks. With significant resources at their disposal, including funding, advanced technology, and access to skilled personnel, State-sponsored APTs are strategically motivated and free to act without impunity. APTs pose significant risk to individuals, governments, and private businesses alike – time is on their side, not yours.

Federal agencies are attractive strategic targets for APTs and are particularly vulnerable because they present:

High-Value Targets: Federal agencies are ripe with high-value assets, often possessing sensitive information, including classified data, critical infrastructure systems, and vast amounts of personal identifiable information (PII) of US citizens.

Complexity and Scale: Federal agencies typically have large and complex IT infrastructures, often spanning multiple departments and locations, presenting challenges in managing and securing such sprawling networks, especially when legacy systems and remote workforce assets are involved.

Supply Chain Risk: Federal agencies rely on a vast ecosystem of contractors, vendors, and third-party service providers, which can introduce additional exploitation opportunities in third-party systems that can be exploited by APTs to achieve their strategic objectives.

Successful cyber attacks executed by APTs often have tremendous impact on the organizations they compromise and threaten national security. The repercussions can be far reaching, including the compromise of sensitive information, disruption of operations, damage to critical infrastructure, loss of public trust, and the potential escalation of diplomatic tensions.

Given these risks and repercussions, Federal agencies should be keenly focused on APTs sponsored by China, Russia, Iran, and North Korea as they maintain geopolitical ideologies that are contrary to those of the US and its allies. Notably, Russian APT, Midnight Blizzard (aka APT29, the Dukes, or Cozy Bear) has been particularly active recently in their high-profile compromise of US-based technology giant Microsoft, yielding significant risk exposure to many US Federal agencies.

Earlier this year, Microsoft announced that its corporate email accounts were breached by Midnight Blizzard. Leveraging a “low-and-slow” password spray attack, Midnight Blizzard initially breached one of Microsoft’s development environments by compromising an account that lacked Multi-Factor Authentication (MFA). Midnight Blizzard then laterally moved to Microsoft’s primary corporate production environment by abusing OAuth application functionality. As a result, they gained unrestricted access to Microsoft’s corporate mailboxes, exposing potentially large volumes of emails exchanged with their Federal clientele which could potentially contain sensitive data pertaining to critical Federal assets.

State-sponsored APTs like Midnight Blizzard are a serious threat to Federal agencies and must be addressed urgently. At Edgewater, our team of cyber experts has direct recent experiences with discovering and mitigating APTs for our customers, and stands ready to conduct proactive, adaptable, and hypothesis-driven threat hunting missions at a moment’s notice. Connect with us to learn more about our capabilities and how we secure the missions of our Federal agency customers.

Back to All News

Further Reading

Edgewater Taps Shaun Poulton as the Company’s next CTO

FREDERICK, Md. (April 8, 2024) — Edgewater Federal Solutions, Inc. (Edgewater) announces that Shaun Poulton will head the company’s technology […]

The Digital Battlefront – The Need for a Quick Response against State-Sponsored Cyber Attacks 

In today’s digital age, cyber threats are constantly evolving, and Federal agencies are particularly vulnerable to attacks by State-sponsored advanced […]

Edgewater Promotes Brian Carr to CFO 

FREDERICK, Md. (April 1, 2024) — Edgewater Federal Solutions, Inc. (Edgewater) is pleased to announce the promotion of Brian Carr […]

The Digital Battlefront – Is your Agency Prepared for a State-Sponsored Cyber Attack?

State-sponsored advanced persistent threats (APTs) are becoming more emboldened in their cyber attacks. With significant resources at their disposal, including […]

Edgewater Ranks No. 73 on Inc. Magazine’s List of the Mid-Atlantic Region’s Fastest-Growing Private Companies 

Frederick, Md. (February 27, 2024) – Inc. magazine today revealed that Edgewater Federal Solutions, Inc. is No. 73 on its […]

Edgewater Celebrates 2023 Founder’s Award Winners

During Edgewater’s Q1 Town Hall, we had the incredible pleasure of announcing our Founder’s Award honorees! Congratulations to Barry Cohen […]

Innovation, Growth, and Giving Back: Edgewater’s Unforgettable 2023

2023 marked another incredible year for Edgewater Federal Solutions. There are some things we’re fortunate to celebrate every year, like […]

Edgewater Federal Solutions Named to Inc.’s 2023 Best in Business List in IT Management Category 

4th annual list recognizes 215 private companies putting purpose ahead of profit.  Frederick, Md. (December 5, 2023) – Edgewater Federal […]

Edgewater Named 2024 Elev8 GovCon Honoree by OrangeSlices 

Frederick, Md. (October 24, 2023) — Edgewater Federal Solutions, Inc. (Edgewater) is recognized as being among OrangeSlices’ 2024 Elev8 GovCon […]

Your Role in Cybersecurity: Tips for Cybersecurity Awareness Month 

At Edgewater, cybersecurity is the cornerstone of our company. It’s how we protect our client’s critical information, our assets, and […]

Our People…Your Edge

We didn’t create our outstanding team by accident.

Our advantage comes from a consistent focus on attracting highly talented and dedicated people – and a commitment to honoring and empowering them so that they stay. With meaningful work and industry-leading training, compensation, and benefits, Edgewater careers are enviable so that our people are our edge.

I have been working at Edgewater as a Configuration Manager for over 5 years. The job has been challenging, rewarding and has provided an environment for professional growth. As an on-sight contractor, I have been working with a team of seasoned professionals who have provided both technical expertise and a warm friendly environment.

- Barry Cohen