
"A 'widespread cybersecurity incident' at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW. The hack is also suspected to have later triggered the dismissal of two dozen Federal Emergency Management Agency technology employees announced late last month, according to internal meeting notes and a person familiar with the matter."
"The initial compromise began June 22, when hackers accessed Citrix virtual desktop infrastructure inside FEMA using compromised login credentials. Data was exfiltrated from Region 6 servers, the image says. That FEMA region services Arkansas, Louisiana, New Mexico, Oklahoma and Texas, as well as nearly 70 tribal nations. Some of those states sit on the nation's southern border. That region has long been a flashpoint in the Trump administration immigration policies, which have emphasized shoring up funding and resources for CBP."
Hackers accessed FEMA systems beginning June 22 by using compromised Citrix virtual desktop credentials and exfiltrated data from Region 6 servers. The stolen information included employee data from FEMA's disaster management office and U.S. Customs and Border Protection. DHS security operations learned of the breach on July 7, and on July 14 the intruder attempted to install virtual networking software with high-level account access. Initial remediation occurred July 16, with further actions on Sept. 5 including Zscaler policy changes and website blocks. An August 18 email required agencywide password changes. Later, about two dozen FEMA IT employees were dismissed following a review.
Read at Nextgov.com