CISA says unnamed US federal agency got hacked using valid credentials for users’ Microsoft 365 and domain admin accounts

CISA announced Thursday that an unnamed United States government agency was hacked by an unusual method. The attacker used valid credentials for multiple users’ Microsoft 365 accounts and for users’ domain administrator accounts.

The Cybersecurity & Infrastructure Security Agency, known as CISA, was alerted to the breach by an intrusion detection system that monitors federal civilian agencies, reports Bloomberg News:

The hacker implanted malware that evaded the agency’s protection system and was able to gain access to the network by using valid access credentials for multiple users’ Microsoft 365 accounts and domain administrator accounts, according to authorities.

Investigators weren’t able to determine how the hacker initially obtained the credentials. But the agency said it was possible that the hacker obtained them by exploiting a known vulnerability in Pulse Secure virtual private network servers.

CISA released technical details about the breach, but didn’t provide any information about what data was stolen or whether the hack was carried out by a rival nation state. The U.S. government occasionally makes such “technical indicators” public so that companies or other governments can check to see if their own systems are under attack.

More at Bloomberg [via Techmeme]