• reddig33@lemmy.world
    5 days ago

    “a state employee mistakenly downloaded a malware-laced tool from a spoofed website”

    Why is any randomly downloaded software running on government computers to begin with? Why aren’t these systems and networks locked down better?

    • shalafi@lemmy.world
      5 days ago

      Their systems are probably wildly outdated, a monstrous mix-and-match of tech, stuff like that. A private corporation is easier to lock down. With government they have to follow dozens of outdated laws and guidelines, don’t have the freedom private enterprise has.

      • Monument@lemmy.sdf.org
        4 days ago

        Everybody hates the government, but that take is not applicable.

        Reading the incident report -
        A privileged user got spearphished into downloading a compromised system administration tool. After the compromised tool was detected by industry standard (and modern) intrusion detection software and removed, the backdoor it installed, which was not fixed, was (eventually) used to install a keylogger. Shortly thereafter, another privileged user had a keylogger installed. Afterward, the harvested credentials were used to create further compromises in their network and to move laterally throughout it.

        The age of the equipment or software is not a factor when your admin accounts get compromised. The user that got compromised should have known better, but they literally failed one thing - double checking the veracity of the download website. They didn’t surrender credentials, or fall for any direct attack. It’s not really a government bad, private industry good sort of thing. Heck, if that had happened to a non-admin user, the attack wouldn’t have been possible.

  • zd9@lemmy.world
    5 days ago

    I’m always amazed at how dumb and incompetent some employees are. It’s really the peak difference between very smart and competent developers making the malware, and the idiots who fall for it.