U.S. State Government Network Breached via Former Employee's Account


A U.S. state government organization’s network was breached via a former employee’s administrator account, allowing the threat actor to authenticate to an internal VPN access point and access a virtualized SharePoint server. The credentials were likely obtained from a separate data breach, and the attackers posted host and user information on the dark web. The organization reset passwords, disabled the compromised accounts, and highlighted the importance of enabling multi-factor authentication (MFA) and securing privileged accounts.
