{"id":8571,"date":"2024-02-29T15:39:41","date_gmt":"2024-02-29T06:39:41","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8571"},"modified":"2024-11-19T15:42:32","modified_gmt":"2024-11-19T06:42:32","slug":"cisa-admin-credentials-of-a-former-employee-leveraged-to-compromise-a-state-government-organizationcisa-admin-credentials-of-a-former-employee-leveraged-to-compromise-a-state-government-organization","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/cisa-admin-credentials-of-a-former-employee-leveraged-to-compromise-a-state-government-organizationcisa-admin-credentials-of-a-former-employee-leveraged-to-compromise-a-state-government-organization\/","title":{"rendered":"CISA: Admin Credentials of a Former Employee Leveraged to Compromise a State Government Organization"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"8571\" class=\"elementor elementor-8571\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2fcf05b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2fcf05b\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ae7567d\" data-id=\"ae7567d\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7ab761d elementor-widget elementor-widget-text-editor\" data-id=\"7ab761d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing &amp; Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization&#8217;s network environment after documents with host and user information, including metadata, were posted on a dark web brokerage site. An analysis confirmed that an unknown threat actor compromised network administrator credentials through the account of a former employee\u2014a technique commonly used by threat actors\u2014and was able to successfully authenticate to an internal virtual private network (VPN) access point, navigate the victim\u2019s on-premises environment, and perform various lightweight directory access protocol (LDAP) queries against a domain controller.<br \/><br \/>It is imperative that Japanese companies handle the Dormat account, as well as ensuring that no longer needed accounts are disabled, MFA should be enabled, and passwords should be stored securely.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing &amp; Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization&#8217;s network environment after documents with host and user information, including metadata, were posted on a dark web brokerage site. An analysis confirmed that an unknown threat actor compromised network administrator credentials through the account of a<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8577,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[220,221,1],"tags":[],"class_list":["post-8571","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-government-advisory","category-national-infrastructure","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2024\/02\/Picture2-1.jpg?fit=602%2C358&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8571"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8571"}],"version-history":[{"count":5,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8571\/revisions"}],"predecessor-version":[{"id":8576,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8571\/revisions\/8576"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8577"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}