Researchers observed a "very messy attack" on a regional U.S. government agency where attackers lurked in the network for at least five months before ransomware was deployed.
The prolific APT group compromised state government networks by exploiting the Log4j flaw and a vulnerability in an animal health emergency reporting system.
The board, tasked with identifying and sharing lessons learned from “significant cybersecurity events," will first assess the Log4j logging library flaw.
The White House has outlined a number of cybersecurity measures that federal agencies must adopt - as part of an overall zero-trust strategy - though it acknowledges that the transition "will not be a quick or easy task."
A National Security Memorandum signed Wednesday by President Joe Biden addresses various cybersecurity mandates - including MFA and encryption - for national security systems.