The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new advisory saying there are "advanced persistent threat actors" (APT) targeting US think tanks.
They note that the malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy.
The advisory provides guidance to help assist think tanks in developing network defense procedures to prevent or rapidly detect these attacks.
The APT actors have used spearphising emails and third-party message services directed at both individual and corporate accounts, as well as exploiting vulnerable web-facing devices and remote connection capabilities.
The advisory also notes that increased telework during the COVID-19 pandemic and the subsequent reliance on remote connectivity "has afforded malicious actors more opportunities to exploit those connections and to blend in with increased traffic."
"Given the importance that think tanks can have in shaping US policy, CISA and the FBI urge individuals and organizations in the international affairs and national security sectors to immediately adopt a heightened state of awareness and implement the critical steps" listed in the advisory.