The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are warning that advanced persistent threat (APT) actors are exploiting vulnerabilities in internet-facing devices and remote connections and using spear phishing emails to access networks of U.S. think tanks.
“Increased telework during the COVID-19 pandemic has expanded workforce reliance on remote connectivity, affording malicious actors more opportunities to exploit those connections and to blend in with increased traffic,” the advisory reads.
The advisory from CISA and the bureau listed several tactics, techniques and procedures APT actors used to target think tanks, including techniques for initial access, credential access, defense evasion and privilege escalation.
The two agencies advised users at think tanks to be aware of tailored spear phishing attacks, log off remote connections when not in use and use different passwords for personal and corporate accounts, among other measures.
Cybersecurity and information technology professionals at think tanks should also take steps, such as segregating and segmenting networks and functions, implementing multifactor authentication for corporate accounts and fielding antivirus software on organizational devices.