Hacker downloaded data from network of U.S. agency
An unnamed U.S. federal agency was hit with a cyber attack after a hacker used valid access credentials, authorities said on Thursday.
The hacker implanted malware that evaded the agency’s protection system and was able to gain access to the network by using valid access credentials for multiple users’ Microsoft 365 accounts and domain administrator accounts, according to authorities.
Investigators weren’t able to determine how the hacker initially obtained the credentials.
CISA released technical details about the breach, but didn’t provide any information about what data was stolen or whether the hack was carried out by a rival nation state. ■