The information was collected when CISA investigated the hacking of a defense industrial base organization’s enterprise network between November 2021 and January 2022. The investigation, conducted in collaboration with a third-party incident response firm, revealed that multiple threat groups had compromised the victim’s network, and that some of them had access for at least one year.
The report published by the three government agencies focuses on some of the tools used by the threat actors. One of them is Impacket, an open-source collection of Python modules for programmatically constructing and manipulating network protocols. The hackers used Impacket to gain a foothold within the victim’s environment and further compromise its network.