CISA issues warning to feds about large-scale spear phishing campaign by a foreign actor

In a new alert issued late yesterday, CISA said the adversaries are often posing as a trusted entity.

  • The Cybersecurity and Infrastructure Security Agency (CISA) is warning federal executives about a large-scaling spear phishing campaign by a foreign actor. In a new alert issued late yesterday, CISA said the adversaries are often posing as a trusted entity by sending spear-phishing emails containing malicious remote desktop protocol files. Once they have gained access, the threat actor may pursue additional activities, such as deploying malicious code to achieve persistent access to the target’s network. CISA recommends public and private sector organizations do 10 things to protect themselves, including restricting outbound remote desktop protocol files and prevent these files from executing on the network.
  • After several challenging years, the military enlisted nearly 225,000 new recruits in fiscal 2024. The military recruited over 25,000 more people than in fiscal 2023. In 2024, there was a 35% increase in the number of enlistment contracts written compared to the previous year. The active components kicked off fiscal 2025 with a 10% larger pool of recruits in the delayed entry program. In addition, the Military Entrance Processing Command (USMEPCOM) saw a 48% year-over-year increase in medical exams, which is a critical part of the enlistment process.
  • Just days ahead of Election Day, a group of career federal employees is calling for more protections against online threats. One type of threat feds face is doxing, or the malicious publication of feds’ personal information online without their consent. Thousands of members of the Department of Justice Gender Equality Network (DOJ GEN) are urging DOJ leadership to scale up the response to, and prevention of, those threats to career feds. Agency leaders have recognized what they said has been a recent “escalation of attacks” against DOJ employees. But DOJ GEN said it’s still concerned about a lack of protection. In a letter this week to DOJ leaders, the group outlined specific steps the agency can take to better protect career feds against the attacks.
    (Letter on doxing and other online threats - Department of Justice Gender Equality Network)
  • A watchdog report said the Postal Service (USPS) could do more to keep employees from stealing mail. Mail theft involving USPS employees is rare but those cases are also on the rise. USPS closed nearly 1,800 of internal mail theft in 2023. Many cases involve employees taking mail that contains credit cards, checks, cash, gift cards or other valuable items. The USPS Inspector General’s Office said some security cameras in mail processing plants don’t work and that the Postal Inspection Service doesn’t have a plan on how to monitor those cameras. It also finds USPS doesn’t have a nationwide policy on bringing personal belongings onto the workroom floor which could be used to help steal mail and packages.
  • When addressing joint needs that don’t fit neatly within any one military branch’s responsibilities, services get worried that the Office of the Secretary of Defense might act as the “sixth service” through initiatives such as the Rapid Defense Experimentation Reserve. Assistant Secretary of Defense for Mission Capabilities Thomas Browning said he sees his office as a “partner to the services and not an opponent.” While solving joint problems such as command and control at large scale makes the process of assigning roles and responsibilities challenging, it’s about finding that service that is the best partner and then evolving how that service is organized, trained and equipped.
  • The Office of Management and Budget (OMB) has a plan to increase public engagement with your agency and wants to know what you think about it. The Office of Management and Budget's new draft guidance on increasing public engagement builds on and incorporates feedback from the request for information released last March. OMB encourages agencies to ensure that their decision-making meaningfully invites and incorporates public input by using best practices such as building on existing community relationships. Along with the draft guidance, OMB also is releasing a draft outline for a toolkit to help agencies plan, implement and assess the impact of meaningful participation and engagement. Feedback on the draft memo and toolkit are due by Nov. 29.
  • Agencies are getting another round of funding to continue to try to reduce the federal government's carbon footprint. The Energy Department handed out almost 150 million dollars in grants for 67 energy conservation and clean energy projects at federal facilities across 28 states and territories and six international locations. The projects will use the money from the Bipartisan Infrastructure Law to adopt cleaner, more cost-effective technologies to reduce pollution and improve air quality. This is the second and final installment of the $250 million dollar Assisting Federal Facilities with Energy Conservation Technologies or AFFECT grant program, which aims to help the government achieve President Joe Biden’s goal of net-zero greenhouse gas emissions from all federal buildings by 2045.
  • There are six key strategies agencies can use to improve their workplaces for employees. A few of those strategies tell agencies to offer opportunities for continuous learning and modernize federal recruitment practices. All the strategies are all laid out in a new report from the National Academy of Public Administration (NAPA). To be able to perform effectively, agencies have to ensure their workplaces are “healthy” for employees, NAPA said. That’s easier said than done, but NAPA President and CEO Terry Gerton said she’s seeing agencies start on the path forward. “Now that it’s accessible, people feel like it’s not so esoteric anymore, that this is really now something that they can do,” Gerton said.
  • Agencies are bringing AI talent into the federal workforce. More than 250 AI experts joined government service in the year since President Joe Biden called on agencies to step up their use of this emerging tech in an executive order. The Biden administration expects agencies will double this level of hiring by the end of fiscal 2025. The Office of Personnel Management held several tech-focused job fairs online this year. And the Department of Homeland Security launched its AI Corps with more than 30 members on board.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories