Compromised

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020.  This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions.  CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.

CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.  CISA advises stakeholders to read this Alert and review the enclosed indicators.

-- The Cybersecurity and Infrastructure Security Agency, Alert (AA20-352A) Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, 17 December 2020