The SafeBreach Hacker’s Playbook™ already covers the attack methods described in the US-CERT analysis report AR20-268A, Federal Agency Compromised by Malicious Cyber Actor. The report notes that, using compromised credentials, the threat actor implanted sophisticated malware, including multi-stage malware that evaded the affected agency’s anti-malware protection, and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.
2 newly developed playbook methods related to AA20-268A:
8 existing playbook methods related to AA20-268A:
What you should do now
The new attack methods for US-CERT AA20-268A are already in the SafeBreach Hacker’s Playbook and ready to run across your simulators. The Known Attack Series report is being updated so you can run the specific attacks from this US-CERT alert: from the Known Attack Series report, select the US-CERT Alert AA20-268A report and then select Run Simulations, which runs all of the related attack methods.