
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks

Updated: Mar 14, 2023


 

On February 28, CISA released a Cybersecurity Advisory detailing the findings from its most recent Red Team Assessment. The advisory describes the red team’s tactics, techniques, and procedures (TTPs) and key findings, giving network defenders at critical infrastructure organizations proactive steps to reduce the threat of similar activity from malicious cyber actors.


In this Red Team Assessment (RTA), the team gained persistent access to the organization’s network, moved laterally across the organization’s multiple geographically separated sites, and eventually gained access to systems adjacent to the organization’s sensitive business systems (SBSs). Multifactor authentication (MFA) prompts prevented the team from achieving access to one SBS, and the team was unable to complete its viable plan to compromise a second SBS within the assessment period.


Despite having a mature cyber posture, the organization did not detect the red team’s activity throughout the assessment, including when the team attempted to trigger a security response.


You can find more information about the TTPs used in CISA's release here, or download the report directly from CISA in PDF format here.
