Select Page

A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a “classic APT-type operation.”

“This attack could have given total visibility of the network and complete control of a system and thus could be used as the first step in a multi-stage attack to penetrate this, or other networks more deeply,” Czech security company Avast said in a report published last week.

The name of the federal entity was not disclosed, but reports from Ars Technica and The Record tied it to the U.S. Commission on International Religious Freedom (USCIRF). Avast said it was making its findings public after unsuccessful attempts to directly notify the agency about the intrusion and through other channels put in place by the U.S. government.

At this stage, only “parts of the attack puzzle” have been uncovered, leaving the door open for a lot of unknowns with regards to the nature of the initial access vector used to breach the network, the sequence of post-exploitation actions taken by the actor, and the overall impact of the compromise itself.

images from Hacker News