Hackers backed by the Iranian regime gained access to the network of a US federal government agency and used that access to install cryptocurrency mining software, according to an alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday. Officials discovered advanced persistent threat (APT) activity on the agency’s network in April of this year and discovered that it had been compromised since at least February. The hackers used a vulnerability to install XMRig crypto mining software and compromise network credentials. CISA did not identify the compromised agency, but stated that the alert was issued to “assist network defenders in detecting and protecting against related compromises.”
