U.S. State Government Network Breached via Former Employee's Account
16-Feb-24
A U.S. state government organization’s network was breached via a former employee’s administrator account, allowing the threat actor to authenticate to an internal VPN access point and access a virtualized SharePoint server. The credentials were likely obtained from a separate data breach, and the attackers posted host and user information on the dark web. The organization reset passwords, disabled the compromised accounts, and highlighted the importance of enabling multi-factor authentication (MFA) and securing privileged accounts.
