CISA broke into a US federal agency, and no one noticed for a full 5 months
Red team exercise revealed a score of security fails
The US Cybersecurity and Infrastructure Security Agency (CISA) says a red team exercise at a certain unnamed federal agency in 2023 revealed a string of security failings that exposed its most critical assets.…
CISA calls these SILENTSHIELD assessments. The agency's dedicated red team picks a federal civilian executive branch (FCEB) agency to probe and does so without prior notice – all the while trying to simulate the maneuvers of a long-term hostile nation-state threat group.
According to the agency's account of the exercise, the red team was able to gain initial access by exploiting an unpatched vulnerability (CVE-2022-21587 - 9.8) in the target agency's Oracle Solaris enclave, leading to what it said was a full compromise.
It's worth noting that CVE-2022-21587, an unauthenticated remote code execution (RCE) bug carrying a near-maximum 9.8 CVSS rating, was added to CISA's known exploited vulnerability (KEV) catalog in February 2023. The initial intrusion by CISA's red team was made on January 25, 2023.
https://www.msn.com/en-us/money/other/cisa-broke-into-a-us-federal-agency-and-no-one-noticed-for-a-full-5-months/ar-BB1pSOBr?ocid=msedgdhp&pc=HCTS&cvid=1fe89ebe38ce4c6a8bc55041ae4c5cb8&ei=61