Who:
U.S. Cybersecurity and Infrastructure Security Agency (CISA)
An unnamed federal civilian executive branch (FCEB) agency
What:
A red team exercise by CISA revealed multiple security failings at a federal agency.
The red team exploited an unpatched vulnerability (CVE-2022-21587) in Oracle Solaris, leading to full system compromise.
The agency failed to detect the intrusion for five months.
The red team gained further access through phishing and by exploiting weak passwords, leading to a full domain compromise.
Impact:
Security Gaps: The exercise exposed critical weaknesses, such as unpatched systems, weak passwords, and inadequate log collection.
Extended Access: The red team accessed sensitive web apps and databases for months and successfully compromised the Windows network.
Recommendations: CISA emphasized the need for defense-in-depth strategies, better network segmentation, and not over-relying on known indicators of compromise.
Policy Changes: The findings highlight the importance of applying patches promptly and improving detection and response mechanisms within federal agencies.