U.S. Government Networks Under Attack - Alert AA20-258A
A threat actor targeted the United States government sector using commercial and open-source tools, including Cobalt Strike, the China Chopper web shell, and Mimikatz. Initial access was gained by exploiting known vulnerabilities in F5 BIG-IP, Citrix VPN appliances, and Pulse VPN servers; the group also sent spear-phishing emails with malicious links to gain a foothold on the network. Once inside, the actor collected sensitive information, including emails from Microsoft Exchange servers, and used proxies to exfiltrate the data to its command-and-control (C2) servers.
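The China Chopper web shell mentioned above is a small server-side script that is driven entirely by POST requests from the operator's client, so its footprint in web server logs is a script path that is POSTed to repeatedly, usually with no Referer and from very few client addresses, yet never browsed with a GET the way a real page would be. The following detector is an added example written for this summary, not code from the CISA alert. It assumes IIS W3C extended log format with a `#Fields:` header, and the log lines, the `/owa/auth/sample_shell.aspx` path, and the thresholds `min_posts` and `max_clients` are all constructed for illustration.

```python
"""Heuristic web-shell activity detector over IIS W3C access log lines.

Added example (not from the CISA alert): flags script paths that receive
POST requests without any GET and without a Referer, from few client IPs.
The sample log, file names, and thresholds below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Script extensions a web shell would typically be dropped as (assumption).
SCRIPT_EXT = (".aspx", ".asp", ".ashx", ".php", ".jsp")

# Constructed IIS W3C log excerpt. 198.51.100.9 repeatedly POSTs to a script
# nobody ever GETs and that sends no Referer; logon.aspx is normal OWA traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Referer) cs(User-Agent)
2020-09-01 10:00:01 203.0.113.7 GET /owa/auth/logon.aspx - 200 - Mozilla/5.0
2020-09-01 10:00:02 203.0.113.7 POST /owa/auth/logon.aspx - 302 https://mail.example.test/owa/ Mozilla/5.0
2020-09-01 10:01:10 198.51.100.9 POST /owa/auth/sample_shell.aspx - 200 - Mozilla/4.0
2020-09-01 10:01:15 198.51.100.9 POST /owa/auth/sample_shell.aspx - 200 - Mozilla/4.0
2020-09-01 10:02:40 198.51.100.9 POST /owa/auth/sample_shell.aspx - 200 - Mozilla/4.0
2020-09-01 10:03:00 203.0.113.8 GET /owa/ - 200 - Mozilla/5.0
"""


@dataclass
class PathStats:
    """Per-URI counters used for the heuristic."""
    gets: int = 0
    posts: int = 0
    posts_without_referer: int = 0
    client_ips: set = field(default_factory=set)


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        # Skip records we cannot map onto the declared fields rather than guess.
        if fields is None or len(values) != len(fields):
            continue
        yield dict(zip(fields, values))


def collect_stats(records):
    """Aggregate GET/POST/Referer/client counters per script path."""
    stats = defaultdict(PathStats)
    for rec in records:
        stem = rec["cs-uri-stem"].lower()
        if not stem.endswith(SCRIPT_EXT):
            continue
        s = stats[stem]
        s.client_ips.add(rec["c-ip"])
        if rec["cs-method"] == "GET":
            s.gets += 1
        elif rec["cs-method"] == "POST":
            s.posts += 1
            if rec["cs(Referer)"] == "-":
                s.posts_without_referer += 1
    return stats


def suspicious_paths(text, min_posts=3, max_clients=2):
    """Return [(path, post_count, [client_ips])] for paths matching the heuristic:
    POST-only, every POST lacks a Referer, and few distinct clients."""
    hits = []
    for stem, s in collect_stats(parse_w3c(text)).items():
        if (s.posts >= min_posts
                and s.gets == 0
                and s.posts_without_referer == s.posts
                and len(s.client_ips) <= max_clients):
            hits.append((stem, s.posts, sorted(s.client_ips)))
    return sorted(hits)


if __name__ == "__main__":
    for path, count, ips in suspicious_paths(SAMPLE_LOG):
        print(f"possible web shell: {path} ({count} POSTs from {', '.join(ips)})")
```

The thresholds are starting points, not tuned values: on a busy OWA front end a legitimate AJAX endpoint can also be POST-only, so the hit list is a triage queue to compare against the file's creation time on disk and the deploying process, not a verdict on its own.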