Works cited
[1] Norwegian Police Security Service (PST), “Datainnbruddet mot Stortinget er ferdig etterforsket,” December 8, 2020. https://www.pst.no/alle-artikler/pressemeldinger/datainnbruddet-motstortinget-er-ferdig-etterforsket/
[2]Microsoft Threat Intelligence Center (MSTIC), “STRONTIUM: Detecting new patterns in credential harvesting.” September 10, 2020. https://www.microsoft.com/security/blog/2020/09/10/strontiumdetecting-new-patters-credential-harvesting/
[3]National Security Agency, “Detect and Prevent Web Shell Malware.” April 22, 2020. https://www.nsa.gov/cybersecurity-guidance
[4]National Security Agency, “Selecting Secure Multi-factor Authentication Solutions.” October 16, 2020. https://www.nsa.gov/cybersecurity-guidance
[5]National Security Agency, “Mitigating Cloud Vulnerabilities.” January 22, 2020. https://www.nsa.gov/cybersecurity-guidance
[6]National Security Agency, “Embracing a Zero Trust Security Model.” February 25, 2021. https://www.nsa.gov/cybersecurity-guidance
Disclaimer of warranties and endorsement The information and opinions contained in this document are provided “as is” and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.
Trademark recognition Active Directory, Microsoft Exchange, Office 365, Office, Outlook, OWA, Powershell, Windows, and Windows NT® are registered trademarks of Microsoft Corporation. - Kubernetes is a registered trademark of the Linux Foundation. WinRAR is a registered trademark of Roshal, Alexander. - IPVanish is a registered trademark of Mudhook Marketing, Inc. - NordVPN is a registered trademark of NORDSEC PLC. - ProtonVPN is a registered trademark of Proton Technologies AG. - Surfshark is a registered trademark of SURFSHARK LTD. - Firefox® and Mozilla® and are registered trademarks of Mozilla Foundation. - Chrome® is a registered trademark of Google, Inc. - Mac® and WebKit® are registered trademarks of Apple, Inc.
Purpose This document was developed by NSA, CISA, FBI, and NCSC in furtherance their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
Contact information Client Requirements / General Cybersecurity Inquiries: Cybersecurity Requirements Center, 410-854-4200, [email protected]
Media Inquiries / Press Desk: 443-634-0721, [email protected]