CISA details security flaws exposed at civilian agency through ‘red team’ testing

The Cybersecurity and Infrastructure Security Agency is providing mitigation tactics in a recent advisory for federal agencies from a “red team” exercise that successfully gained access to a government network over an eight-month period in 2023.

“This Cybersecurity Advisory (CSA) details key findings and lessons learned from a 2023 assessment, along with the red team’s tactics, techniques, and procedures (TTPs) and associated network defense activity,” CISA says in a July 11 release.

CISA’s red teaming takes place under an...