The Cybersecurity and Infrastructure Security Agency (CISA) and US Coast Guard (USCG) are issuing this Joint Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to highlight identified cybersecurity issues, thereby informing security defenders in other organizations of potential similar issues and encouraging them to take proactive measures to enhance their cybersecurity posture.
CISA led a proactive hunt engagement at a US critical infrastructure organization with the support of USCG analysts. During hunts, CISA proactively searches for evidence of malicious cyber activity or threat actor presence on customer networks. The organization invited CISA to conduct a proactive hunt to determine if a threat actor had been present in the organization’s environment.
During this engagement, CISA did not identify evidence of malicious cyber activity or threat actor presence on the organization’s network, but did identify cybersecurity risks.
In coordination with the organization where the hunt was conducted, CISA and USCG are sharing cybersecurity risk findings and associated mitigations to assist other critical infrastructure organizations with improving their cybersecurity posture. Recommendations are listed for each of CISA’s findings, as well as general practices to strengthen cybersecurity for OT environments. These mitigations align with CISA and the National Institute of Standards and Technology’s (NIST) Cross-Sector Cybersecurity Performance Goals and with mitigations provided in the USCG Cyber Command’s 2024 Cyber Trends and Insights in the Marine Environment Report.
Although no malicious activity was identified during this engagement, critical infrastructure organizations are advised to review and implement the mitigations listed in this advisory to prevent potential compromises and better protect our national infrastructure. These mitigations are listed in order of importance.