CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
ID: ae9ca4ae-7617-57fe-98cc-3d567013e698
STIX ID: report--ae9ca4ae-7617-57fe-98cc-3d567013e698
Feed Name: CISA Cybersecurity Advisories
This CISA advisory documents a SILENTSHIELD red team assessment, begun in 2023, that emulated nation-state tradecraft against a large federal civilian executive branch organization's Solaris and Windows environments. The team exploited an unpatched Oracle Web Applications Desktop Integrator remote code execution vulnerability (CVE-2022-21587) to gain persistent access to a Solaris enclave, but that enclave did not give them a path into the Windows domain, so they turned to targeted phishing, which yielded a foothold in the Windows domain and ultimately full domain takeover, lateral movement into trusted partner domains, and command-and-control channels capable of exfiltration. The report maps the red team's activity to MITRE ATT&CK, highlights the organization's failures in network segmentation, logging, and incident response, and provides prioritized mitigations and testing guidance for defenders and software vendors.
