Response to CISA Advisory (AA25-212A): CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization

CISA conducted a proactive hunt engagement together with the U.S. Coast Guard, finding no evidence of malicious cyber activity but identifying several cybersecurity risks, including insufficient logging and insecure credential storage. AttackIQ provides scenarios and recommendations to help organizations test and mitigate these risks effectively.

Keypoints

  • CISA and the U.S. Coast Guard conducted a hunt engagement at a U.S. critical infrastructure organization to detect cyber threat actor presence, but found no evidence of malicious activity.
  • Several cybersecurity risks were identified, such as insufficient logging, insecure credential storage, shared local admin credentials, unrestricted remote access, poor network segmentation, and device misconfigurations.
  • AttackIQ offers scenarios to emulate techniques such as Create Account, Lateral Movement through SSH and RDP, and Open Ports Checking to help organizations assess their defenses.
  • The MITRE ATT&CK tables referenced in the CISA advisory provide an additional framework for testing against the tactics and techniques the advisory identifies as potential risks.
  • Organizations are advised to review and implement CISA’s mitigation recommendations to improve their security posture against similar threats.
  • AttackIQ’s continuous testing approach helps validate security controls and improve detection and mitigation strategies in real-time environments.
  • AttackIQ supports MSSP partners and the cybersecurity community through training, research partnerships, and flexible program offerings.

MITRE Techniques

  • [T1136] Create Account – Emulated by AttackIQ scenarios to simulate unauthorized account creation as part of testing defensive controls. (“Create Account”)
  • [T1021] Lateral Movement Through SSH – Technique tested by AttackIQ to emulate lateral movement via the Secure Shell (SSH) protocol. (“Lateral Movement Through SSH”)
  • [T1021.001] Lateral Movement Through Remote Desktop Protocol – Emulated to assess lateral movement opportunities using RDP. (“Lateral Movement Through Remote Desktop Protocol”)
  • [T1046] Open Ports Checking – Scenarios available to test detection of open network ports that could be exploited. (“Open Ports Checker”)

Indicators of Compromise

  • [Credential] Shared local administrator credentials – Identified as a cybersecurity risk across multiple workstations.
  • [Network Configuration] Unrestricted remote access for local admin accounts – Highlighted as a vulnerability in the assessed critical infrastructure organization’s environment.
  • [Logging] Insufficient logging practices – Noted as a significant security gap impacting detection capabilities.


Read more: https://www.attackiq.com/2025/08/01/response-to-cisa-advisory-aa25-212a/