This persistent malicious activity, the two agencies say, mostly targets individuals and organizations that are connected to international affairs or which focus on national security policy.
The adversaries, CISA and the FBI say in an advisory this week, attempt initial access through spear-phishing and third-party messaging services, targeting both corporate and personal accounts of intended victims.
At the same time, the attackers attempt to exploit vulnerable devices that are exposed to the Internet, along with remote connection capabilities within the target networks.
“Increased telework during the COVID-19 pandemic has expanded workforce reliance on remote connectivity, affording malicious actors more opportunities to exploit those connections and to blend in with increased traffic,” the advisory reads.