The U.S. government’s cybersecurity agency has warned that financially motivated criminal hackers compromised federal agencies using legitimate remote desktop software.
CISA said in a joint advisory with the National Security Agency on Wednesday that it had identified a “widespread cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software” that had targeted multiple federal civilian executive branch agencies — known as FCEBs — a list that includes Homeland Security, the Treasury, and the Justice Department.
CISA said it first identified suspected malicious activity on two FCEB systems in October while conducting a retrospective analysis using Einstein, a government-operated intrusion detection system used for protecting federal civilian agency networks. Further analysis led to the conclusion that many other government networks were also affected.
CISA linked this activity to a financially motivated phishing campaign first uncovered by threat intelligence firm Silent Push. But CISA did not name the affected FCEB agencies — and did not respond to TechCrunch’s questions.
The unnamed attackers behind this campaign began sending help desk-themed phishing emails to federal employees’ government and personal email addresses in mid-June 2022, according to CISA. These emails either contained a link to a “first-stage” malicious site that impersonated high-profile companies, including Microsoft and Amazon, or prompted…
