Cybersecurity company identifies months-long attack on US federal commission

The United States Commission on International Religious Freedom (USCIRF) has been hit with a cyberattack, according to cybersecurity firm Avast

Avast did not identify the federal agency affected but The Record was able to determine it was the USCIRF.

The Cybersecurity and Infrastructure Security Agency (CISA) declined to comment on the attack and said all requests for more information should go to USCIRF. USCIRF did not respond to requests for comment. 

Created in 1998, USCIRF describes itself as a US federal government commission that monitors the right to freedom of religion or belief abroad.  

“USCIRF uses international standards to monitor religious freedom violations globally, and makes policy recommendations to the President, the Secretary of State, and Congress,” the organization said on its website

In Avast’s report, the company said attackers were able to compromise systems on USCIRF’s network in a way that “enabled them to run code as the operating system and capture any network traffic traveling to and from the infected system.” 

The report notes that there is evidence that the attack was done in multiple stages and may have involved “some form of data gathering and exfiltration of network traffic.”

“Further because this could have given total visibility of the network

Read More: