An unnamed US federal agency was hit with a cyber-attack after a hacker used valid access credentials, authorities said on Thursday (Sept 24).
While several details of the hack were not revealed, federal authorities did divulge that the hacker was able to browse directories, copy at least one file and exfiltrate data, according to the Cybersecurity & Infrastructure Security Agency, known as CISA.
The hacker gained access to the network by using valid access credentials for multiple users' Microsoft 365 accounts and domain administrator accounts, and implanted malware that evaded the agency's protection system, according to authorities.
Investigators were not able to determine how the hacker initially obtained the credentials.
But the agency said it was possible that the hacker obtained them by exploiting a known vulnerability in Pulse Secure virtual private network servers.
The network breach was not related to the upcoming US election, according to a Department of Homeland Security official.
CISA is part of the department.
CISA released technical details concerning the breach, but did not provide any information about what data was stolen or whether the hack was carried out by a rival nation state.
The US government occasionally makes such "technical indicators" public so that companies or other governments can check to see if their own systems are under attack.
CISA became aware of the breach via an intrusion detection system that monitors federal civilian agencies.