FBI And Homeland Security Warning: The FBI And CISA Have Observed Targeting Of U.S. Think Tanks By APT Actors


In a joint cybersecurity advisory published on December 1, the FBI and CISA warned that APT actors are targeting U.S. think tank organizations. They observed persistent cyber intrusions and advised think tanks to develop procedures for network defense.

The Advanced Persistent Threat (APT) actors mostly target individuals and organizations concentrating on international affairs or national security policy.

Previous attempts by APT groups

Similarly, in April 2020, the FBI published a private industry notification concerning the persistent targeting of U.S. think tanks by APT groups. These groups have been active since at least 2014. Their aim is to obtain access and exfiltrate sensitive information.

James McQuiggan, a security awareness advocate at KnowBe4, says that nation-states and cybercriminals target all organizations, including think tanks. They see phishing the human as the more accessible way into the infrastructure and systems.

Cyber threat actors have been successful in acquiring information on a variety of sensitive topics. These include the following subjects, to name a few.

  • U.S. election-related topics
  • U.S. Interests/Conflicts with Competing World Powers
  • U.S. and NATO Interests
  • U.S. Defense Plans
  • U.S. Decision Making
  • U.S. National Security Issues
  • U.S. Politics and Foreign Policy




Methods of attacks

APT groups use different methods to obtain initial access to their victims, notably spear-phishing and third-party messaging services.

To obtain initial access or persistence on a victim’s network, they may use virtual private networks and other remote work tools. The actors are targeting both the personal and corporate accounts of intended victims.

Also, APT actors exploit unprotected web-facing devices and remote connection capabilities as another malicious tactic.

When successful, these low-effort approaches enable them to steal sensitive information.


Recently, due to COVID-19, a large part of the workforce has moved to remote connections. This gives APT actors many opportunities to exploit those connections.

In such a volatile situation, organizations have to maintain a robust security awareness training program and update it regularly to keep employees informed of the latest cyberattack patterns.



The FBI and CISA warning

The latest news on the APT activities

A joint advisory published on Tuesday evening