CISA breached a federal agency as part of its red team program - and nobody noticed for five months

CISA breached a federal agency as part of its red team program - and nobody noticed for five months

Briefly

The program SILENTSHIELD involved a red team simulating nation-state threat actors, revealing poor security posture like inadequate firewalling and lack of EDR alert analysis.

ITProhttps://www.itpro.com/security/cisa-breached-a-federal-agency-as-part-of-its-red-team-program-and-nobody-noticed-for-five-months

Exploiting an unpatched web server and a phishing attack helped the red team compromise the organization's domain, gaining access to tier zero assets and external networks.

ITProhttps://www.itpro.com/security/cisa-breached-a-federal-agency-as-part-of-its-red-team-program-and-nobody-noticed-for-five-months