The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released two joint cybersecurity advisories on widespread advanced persistent threat (APT) activity connected to the 2020 United States presidential election. The SafeBreach Hacker's Playbook™ already covers the attack methods detailed in both US-CERT alerts.
US-CERT Alert AA20-296A details how Russian state-sponsored APT actors obtain user and administrator credentials to establish initial access, move laterally once inside the network, and locate high-value assets in order to exfiltrate data.
US-CERT Alert AA20-296B details how Iranian APT actors use spear-phishing campaigns, website defacements, and disinformation campaigns to spread obtained U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud.
Listen below as Tomer Bar, Research Team Leader at SafeBreach, breaks down the techniques outlined in these US-CERT alerts:
4 newly developed playbook methods related to AA20-296A:
10 existing playbook methods related to AA20-296A:
2 newly developed playbook methods related to AA20-296B:
What you should do now
The new attack methods for US-CERT Alerts AA20-296A and AA20-296B are already in the SafeBreach Hacker's Playbook and ready to be run across your simulators. The Known Attack Series report is being updated so you can run the specific attacks from these US-CERT alerts. From the Known Attack Series report, select the US-CERT Alert AA20-296A (Russian Threat Actors) or AA20-296B (Iranian Threat Actors) report and select Run Simulations, which runs all the attack methods associated with that alert.