(Bloomberg) -- An unnamed U.S. federal agency was hit with a cyber-attack after a hacker used valid access credentials, authorities said on Thursday.
While many details of the hack weren’t revealed, federal authorities did divulge that the hacker was able to browse directories, copy at least one file and exfiltrate data, according to the Cybersecurity & Infrastructure Security Agency, known as CISA.
The hacker gained access to the network by using valid access credentials for multiple users’ Microsoft 365 accounts and domain administrator accounts, and implanted malware that evaded the agency’s protection system, according to authorities.
Investigators weren’t able to determine how the hacker initially obtained the credentials. But the agency said it was possible that the hacker obtained them by exploiting a known vulnerability in Pulse Secure virtual private network servers.
CISA released technical details about the breach, but didn’t provide any information about what data was stolen or whether the hack was carried out by a rival nation-state. The U.S. government occasionally makes such “technical indicators” public so that companies or other governments can check whether their own systems are under attack.
CISA became aware of the breach via an intrusion detection system that monitors federal civilian agencies.
©2020 Bloomberg L.P.