Wednesday, July 16, 2025

Federal IT Contractor Agrees to Pay $14.75M Over False Cybersecurity Services Claim - CyberSecurityNews

Hill ASC Inc.’s $14.75 million settlement with the U.S. Department of Justice closes a five-year saga in which the Rockville-based contractor allegedly billed agencies for “highly adaptive” cybersecurity support it was never qualified to deliver.

Investigators say Hill’s pitch hinged on a bespoke endpoint-monitoring platform that quietly seeded a loader, nicknamed “ShadowQuill,” across federal enclaves, promising rapid threat hunting while actually funneling traffic to third-party infrastructure.

ShadowQuill surfaced in mid-2021 when surge-pricing anomalies triggered an internal Treasury audit. Packet captures revealed TLS beacons masquerading as certificate revocation checks, allowing the loader to retrieve encrypted PowerShell payloads from GitHub gists.

Office of Public Affairs analysts noted the pattern echoed tactics previously linked to the SilentLibra group, correlating Hill’s invoice spikes with command-and-control bursts during quarterly patch cycles.

In practice, the malware exploited trusted scheduler permissions baked into the contractor’s remote-assist toolchain. Once invoked, it sidestepped host-based intrusion prevention by reflecting DLLs off memory pages already signed by legitimate vendors, leaving conventional signature scanners blind.

The impact stretched beyond inflated labor charges; network forensics suggest at least twenty internal repositories were scraped for source code relating to taxpayer-data analytics, prompting an urgent cross-agency...



Read Full Story: https://news.google.com/rss/articles/CBMifkFVX3lxTE42WGszUkQ5Tjl4WS0wdnpILTF6...