CISA warns feds about large-scale phishing campaign by foreign actor

The Cyber Security and Infrastructure Security Agency (CISA) is warning federal executives about a large-scale phishing campaign by a foreign actor. In a new alert issued last night, CISA said adversaries often pose as a trusted entity by sending spear-phishing emails containing malicious remote desktop protocol files. Once they have gained access, the threat actor can perform additional activities, such as deploying malicious code to gain persistent access to the target’s network. CISA recommends that public and private sector organizations do 10 things to protect themselves, including restricting remote output protocol files and preventing these files from running on the network.
After a challenging few years, the Army enlisted nearly 225,000 new recruits in fiscal year 2024. The Army recruited more than 25,000 more people than in fiscal year 2023. In 2024, there was a 35 percent increase in the number of contracts of written enrollment compared to the previous year. The active components began fiscal year 2025 with 10 percent more recruits in the delayed entry program. In addition, the Military Entrance Processing Command (USMEPCOM) saw a 48 percent year-over-year increase in medical exams, which are a critical part of the enlistment process.
Just days before Election Day, a group of career federal employees is calling for more protection against online threats. One type of threat feds face is doxing, or the malicious posting of feds’ personal information online without their consent. Thousands of members of the Department of Justice Gender Equality Network (DOJ GEN) are urging DOJ leadership to expand the response and prevention of those threats to career services. Agency leaders acknowledged what they said was a “recent escalation of attacks” against DOJ employees. But the DOJ GEN said it was still concerned about the lack of protection. In a letter this week to DOJ leaders, the group outlined specific steps the agency can take to better protect career agents from attacks.
An oversight report said the Postal Service (USPS) could do more to prevent employees from stealing mail. Mail theft involving USPS employees is rare, but those cases are also on the rise. The USPS closed nearly 1,800 domestic mail thefts in 2023. Many cases involve employees taking mail containing credit cards, checks, cash, gift cards or other valuables. The USPS Office of Inspector General said some security cameras at mail processing plants are not working and that the Postal Inspection Service does not have a plan on how to monitor those cameras. It also notes that the USPS does not have a nationwide policy on bringing personal items onto the workroom floor that could be used to aid in the theft of mail and packages.
When addressing common needs that don’t fit neatly into the responsibilities of one military branch, the services worry that the Office of the Secretary of Defense could act as a “sixth service” through initiatives like the Rapid Defense Experimentation Reserve. Assistant Secretary of Defense for Mission Capabilities Thomas Browning said he sees his office as a “partner of the services and not an adversary.” While solving common problems like large-scale command and control makes the process of assigning roles and responsibilities difficult, it’s about finding that service that is the best partner and then evolving how the service is organized, trained and equipped.
The Office of Management and Budget (OMB) has a plan to increase public engagement with your agency and wants to know what you think about it. The Office of Management and Budget’s new draft guidance on increasing public engagement builds on and incorporates feedback from the request for information released last March. OMB encourages agencies to ensure that their decision-making process meaningfully invites and incorporates public input by using best practices, such as building on existing community relationships. Along with the draft guidance, OMB is also releasing an outline for a set of tools to help agencies plan, implement, and evaluate the impact of meaningful participation and engagement. Feedback on the grade and toolkit will be received by November 29.
Agencies are getting a new round of funding to continue trying to reduce the federal government’s carbon footprint. The Department of Energy awarded nearly $150 million in grants for 67 energy conservation and clean energy projects at federal facilities in 28 states and territories and six international locations. The projects will use money from the bipartisan Infrastructure Act to adopt cleaner, more cost-effective technologies to reduce pollution and improve air quality. This is the second and final installment of the AFFECT grant program, which aims to help the government meet President Joe Biden’s goal of reducing net greenhouse gas emissions from all federal buildings by 2045.
There are six key strategies agencies can use to improve their workplaces for employees. Several of these strategies tell agencies to provide continuous learning opportunities and modernize federal recruiting practices. All strategies are presented in a new report by the National Academy of Public Administration (ANPA). In order to operate effectively, agencies must ensure their workplaces are “healthy” for employees, NAPA said. That’s easier said than done, but NAPA President and CEO Terry Gerton said he sees agencies starting down the road. “Now that it’s accessible, people feel like it’s not so esoteric anymore, that now it’s something they can do,” Gerton said.
Agencies are bringing AI talent to the federal workforce. More than 250 artificial intelligence experts have joined government service in the year since President Joe Biden asked agencies to step up their use of the emerging technology through an executive order. The Biden administration expects agencies to double that hiring level by the end of fiscal year 2025. The Office of Personnel Management has held several technology-focused job fairs online this year. And the Department of Homeland Security launched its AI Corps with more than 30 members on board.