CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s enterprise network. ATP actors used the open-source toolkit, Impacket, to gain a foothold within the environment and data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.
Joint Cybersecurity Advisory AA22-277A provides the APT actors tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). CISA, FBI, and NSA recommend DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of APT cyber threats to their networks.