casim.blogg.se - Microsoft office for federal employees

Once the threat actor made a connection, the actor then could leverage other vulnerabilities to escalate account privileges and install web shells that enabled the actor to remotely access a Microsoft Exchange Server. The vulnerabilities initially allowed threat actors to make authenticated connections to Microsoft Exchange Servers from unauthorized external sources. According to a White House statement, based on a high degree of confidence, malicious cyber actors affiliated with the People's Republic of China's Ministry of State Security conducted operations utilizing these Microsoft Exchange vulnerabilities. This included versions that federal agencies hosted and used on their premises. While the response and investigation into the SolarWinds breach were still ongoing, Microsoft reported in March 2021 the exploitation or misuse of vulnerabilities used to gain access to several versions of Microsoft Exchange Server. Since the company's software, SolarWinds Orion, was widely used in the federal government to monitor network activity and manage network devices on federal systems, this incident allowed the threat actor to breach several federal agencies' networks that used the software (see figure 1).įigure 1: Analysis of How a Threat Actor Exploited SolarWinds Orion Software The federal government later confirmed the threat actor to be the Russian Foreign Intelligence Service.

Web Sites, Web Applications & Software (XLSX, 38 KB)ĭirect feedback about the Department or OS to the OS Accessibility Program.Beginning as early as January 2019, a threat actor breached the computing networks at SolarWinds-a Texas-based network management software company, according to the company's Chief Executive Officer.

Checklists aid in the creation of conformance reports.

A notice of benefits, program eligibility, employment opportunity, or personnel actionĬhecklists are available in Microsoft Excel format.

An internal or external program or policy announcement.

An initial or final decision adjudicating an administrative claim or proceeding.

Intranet content designed as a web page.

Posting to and the use of social media sites.

Email, PDFs, Microsoft Office documents, support materials.

Software used but not purchased by the federal government.

Websites, web applications, desktop software and mobile applications.

The following are examples of ICT and internal official agency communications. All public facing ICT and internal official agency communications must conform.

The checklists contain evaluation criteria for information and communications technology (ICT).