Monday 19th December 2022

Threat intelligence weekly update | 16th December 2022

Key Issue: FBI targeted in data exfiltration campaigns
Cybercriminals: Multiple cybercriminal groups conduct BYOVD operations
Nation-State: Russia-linked units vary malware delivery techniques against Ukraine
Hacktivists: Suspected pro-Russia DDoS campaign targets Danish defence entities

 

FBI targeted in data exfiltration campaigns

Our key issue this week highlights two campaigns targeting the Federal Bureau of Investigation (FBI). On 10 December 2022, user information from the FBI’s information sharing programme InfraGard was posted for sale on the cybercriminal forum Breached.

The perpetrator behind the breach, user ‘USDoD’, was able to gain access to the network by impersonating the CEO of a high-profile US financial corporation. Once approved, USDoD used a Python script to query the API and retrieve data relating to 80,000 InfraGard users, which was then posted for sale on Breached for USD 50,000.

On 15 December 2022, pro-Russian hacktivist group Killnet claimed to have infiltrated the FBI in an extensive data exfiltration campaign. While the attack is unverified, Killnet has used its Telegram channel ‘We Are Killnet’ to share several screenshots and recordings of the threat actor accessing the personal data of more than 10,000 US federal agents, including social media passwords and bank details.

If confirmed, this breach demonstrates a significant shift in tactics, techniques, and procedures for the group, moving away from low-impact distributed denial-of-service (DDoS) attacks to data exfiltration, alongside the targeting of high-profile entities, as also recently seen against the European Parliament. However, the two incidents highlight how government agencies and their programmes are still susceptible to compromise and are routinely targeted by malicious actors, despite higher-level security protocols.

 
