P2021-ND-259

On June 7, 2021, the Organization discovered it was the subject of a cyberattack when a malware alert was triggered. An investigation determined that on or about June 4, 2021, a threat actor gained access to the Organization?s network via legacy network appliances/services and compromised credentials. It is not known how the credentials were obtained. The threat actor gained access to user accounts with elevated privileges through brute-force attack. The incident was contained on or about June 11, 2021; however, the Organization detected additional attempts to access the network two days later on June 13, 2021. The Organization assumes that the threat actor successfully exfiltrated records via FTP during the attack.

File Type: pdf
File Size: 757 KB
Categories: 2021