Nation-state threat actors have been on a rampage lately, targeting local US municipalities with limited security capabilities. Since 2019 there has been a rash of ransomware and targeted attacks aimed squarely at various local governments across the United States, seemingly at random and with no discernible pattern. In a security alert to private industry partners, the FBI has announced that two additional breaches of local government agencies by nation-state adversaries took place last year.
The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach the two municipalities' networks.
The FBI says that once attackers got a foothold on these networks, "malicious activities included exfiltration of user information, escalation of administrative privileges, and the dropping of webshells for remote/backdoor persistent access."
Although not yet confirmed, some of these breaches of local governments appear to have been conducted by nation-state threat actors looking to steal data. While ransomware is generally the most widely used malware type, lately there appears to be an interesting nexus between threat actors and the governments they either represent or are sympathetic to.
Unfortunately, municipalities like those targeted here are extremely underfunded. They not only lack the security tools required to protect against and provide visibility into these attacks, but also likely have limited cyber security expertise on staff. It is only after incidents like these that the governments will prioritize budget in the short term, and then it is primarily to fix the current issue rather than deploy long-term solutions.
The best that can be done moving forward is creating awareness so the local governments understand the threats they face, thus allowing them to [hopefully] make an informed decision.