Cyber-security researchers have announced that hackers hit the United States Commission on International Religious Freedom (USCIRF), a federal commission associated with international rights.
According to cyber-security firm Avast, despite repeated attempts through multiple channels over the course of months to make them aware of and resolve this issue, the USCIRF would not engage with them regarding the attack.
“After initial communication directly to the affected organisation, they would not respond, return communications or provide any information. The attempts to resolve this issue included repeated direct follow up outreach attempts to the organisation,” Avast said in a statement.
While no information has come out on the impact of the attack or the actions taken by the attackers, Avast believes “it’s reasonable to conclude that the attackers were able to intercept and possibly exfiltrate all local network traffic in this organisation.
This could include information exchanged with other US government agencies and other international governmental and non-governmental organisations (NGOs) focused on international rights.
“We also have indications that the attackers could run code of their choosing in the operating system’s context on infected systems, giving them complete control,” said the cyber-security firm.
Taken altogether, this attack could have given total visibility of the network and complete control of a system and thus could be used as the first step in a multi-stage attack to penetrate this, or other networks more deeply.
Created in 1998, USCIRF describes itself as a US federal government commission that monitors the right to freedom of religion or belief abroad.
“USCIRF uses international standards to monitor religious freedom violations globally, and makes policy recommendations to the President, the Secretary of State, and Congress,” the organisation said on its website.
According to ZDNet, the US Cybersecurity and Infrastructure Security Agency (CISA) declined to comment on the attack.
