Today, CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization to provide network defenders with the tactics, techniques, and procedures (TTPs) utilized by a threat actor and methods to protect against similar exploitation.
Following an incident response assessment of a state government organization’s network environment, analysis confirmed compromise through network administrator credentials of a former employee. This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point.
CISA and MS-ISAC encourage network defenders and organizations review the TTPs and implement the mitigations provided in the joint CSA. For more information, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025. These advisories provide…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide…
CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency,…
This website uses cookies.