State-sponsored advanced persistent threats (APTs) are becoming more emboldened in their cyber attacks. With significant resources at their disposal, including funding, advanced technology, and access to skilled personnel, State-sponsored APTs are strategically motivated and free to act without impunity. APTs pose significant risk to individuals, governments, and private businesses alike – time is on their side, not yours.

Federal agencies are attractive strategic targets for APTs and are particularly vulnerable because they present:

High-Value Targets: Federal agencies are ripe with high-value assets, often possessing sensitive information, including classified data, critical infrastructure systems, and vast amounts of personal identifiable information (PII) of US citizens.

Complexity and Scale: Federal agencies typically have large and complex IT infrastructures, often spanning multiple departments and locations, presenting challenges in managing and securing such sprawling networks, especially when legacy systems and remote workforce assets are involved.

Supply Chain Risk: Federal agencies rely on a vast ecosystem of contractors, vendors, and third-party service providers, which can introduce additional exploitation opportunities in third-party systems that can be exploited by APTs to achieve their strategic objectives.

Successful cyber attacks executed by APTs often have tremendous impact on the organizations they compromise and threaten national security. The repercussions can be far reaching, including the compromise of sensitive information, disruption of operations, damage to critical infrastructure, loss of public trust, and the potential escalation of diplomatic tensions.

Given these risks and repercussions, Federal agencies should be keenly focused on APTs sponsored by China, Russia, Iran, and North Korea as they maintain geopolitical ideologies that are contrary to those of the US and its allies. Notably, Russian APT, Midnight Blizzard (aka APT29, the Dukes, or Cozy Bear) has been particularly active recently in their high-profile compromise of US-based technology giant Microsoft, yielding significant risk exposure to many US Federal agencies.

Earlier this year, Microsoft announced that its corporate email accounts were breached by Midnight Blizzard. Leveraging a “low-and-slow” password spray attack, Midnight Blizzard initially breached one of Microsoft’s development environments by compromising an account that lacked Multi-Factor Authentication (MFA). Midnight Blizzard then laterally moved to Microsoft’s primary corporate production environment by abusing OAuth application functionality. As a result, they gained unrestricted access to Microsoft’s corporate mailboxes, exposing potentially large volumes of emails exchanged with their Federal clientele which could potentially contain sensitive data pertaining to critical Federal assets.

State-sponsored APTs like Midnight Blizzard are a serious threat to Federal agencies and must be addressed urgently. At Edgewater, our team of cyber experts has direct recent experiences with discovering and mitigating APTs for our customers, and stands ready to conduct proactive, adaptable, and hypothesis-driven threat hunting missions at a moment’s notice. Connect with us to learn more about our capabilities and how we secure the missions of our Federal agency customers.

Back to All News

Further Reading

Case Study: Hunting for Midnight Blizzard to Safeguard a Global Scientific Research Organization

Dangerous organizations are becoming more emboldened in their cyberattacks. Armed with an arsenal of powerful malware tools, expertise of their […]

For the 7th year, The Washington Post names Edgewater a 2024 Top Washington-area Workplace

Frederick, Md. (June 21, 2024) – Edgewater Federal Solutions, Inc. (Edgewater), a leading technology and cybersecurity federal contractor, has been […]

The Digital Battlefront – Utilizing Purple Teaming to Uncover Cybersecurity Gaps

In today’s rapidly evolving cyber threat landscape, the traditional approach of having separate offensive and defensive security teams is no […]

The Digital Battlefront – How Threat Hunting Reports Shape Cyber Defense 

Taking a proactive approach to cybersecurity is critical for Federal agencies in this robust and complex digital landscape. One way […]

Edgewater Elevates Rodger Jones to President

FREDERICK, Md. (May 1, 2024) — Today, Edgewater Federal Solutions, Inc. (Edgewater) announces that Rodger Jones has been promoted to […]

Edgewater Awarded EIA EOP V IDIQ

FREDERICK, Md. (April 18, 2024) — Edgewater Federal Solutions, Inc. (Edgewater), a leading IT services federal contractor, announces that it […]

Edgewater Promotes Hank Jackson to COO 

FREDERICK, Md. (April 16, 2024) — Edgewater Federal Solutions, Inc. (Edgewater) proudly promotes Hank Jackson to Chief Operating Officer (COO), […]

Edgewater Taps Shaun Poulton as the Company’s next CTO

FREDERICK, Md. (April 8, 2024) — Edgewater Federal Solutions, Inc. (Edgewater) announces that Shaun Poulton will head the company’s technology […]

The Digital Battlefront – The Need for a Quick Response against State-Sponsored Cyber Attacks 

In today’s digital age, cyber threats are constantly evolving, and Federal agencies are particularly vulnerable to attacks by State-sponsored advanced […]

Edgewater Promotes Brian Carr to CFO 

FREDERICK, Md. (April 1, 2024) — Edgewater Federal Solutions, Inc. (Edgewater) is pleased to announce the promotion of Brian Carr […]

Our People…Your Edge

We didn’t create our outstanding team by accident.

Our advantage comes from a consistent focus on attracting highly talented and dedicated people – and a commitment to honoring and empowering them so that they stay. With meaningful work and industry-leading training, compensation, and benefits, Edgewater careers are enviable so that our people are our edge.

Working for Edgewater Federal Solutions for the past 5 years has renewed my belief that great companies still exist.   They value and recognize the employee and invest in our futures.  To anyone considering a career with Edgewater, if you enjoy a positive working environment with a company that values and recognizes its employees contributions come join us.

- Al Tornabene