U.S. Agencies Warn of Russian APT Operators Exploiting Five Publicly Known Vulnerabilities – E Hacking News
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly published an advisory on Thursday warning that Russian APT operators are exploiting five publicly known and already fixed vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately.
The urgent advisory was issued by the U.S. authorities to call attention to a quintet of CVEs that are being actively exploited by a threat actor associated with Russia’s foreign intelligence service (SVR). According to the NSA, the five vulnerabilities should be prioritized for patching alongside the latest batch of Exchange Server updates published by Microsoft earlier this week.
The NSA took up mitigation of known vulnerabilities in the SolarWinds Orion software supply chain, the use of WellMess malware against COVID-19 researchers, and network attacks exploiting a VMware vulnerability. They left little doubt that quick action is necessary to protect against those attack vectors.
“Mitigation against these vulnerabilities is critically important as the U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” NSA, CISA, and FBI said.
“NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations,” the agencies added.
The vulnerabilities flagged by the agencies are:
• CVE-2018-13379 Fortinet FortiGate VPN
• CVE-2019-9670 Synacor Zimbra Collaboration Suite
• CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
• CVE-2019-19781 Citrix Application Delivery Controller and Gateway
• CVE-2020-4006 VMware Workspace ONE Access
According to AP News, ten Russian diplomats are being expelled by the US State Department as a result of this activity, and 32 individuals and entities accused of attempting to influence last year’s presidential election, including by spreading disinformation, are being sanctioned. “We cannot allow a foreign power to interfere in our democratic process with impunity,” President Biden said.
The US Department of the Treasury announced that it was sanctioning “16 entities and 16 individuals who attempted to influence the 2020 U.S. presidential election at the direction of the leadership of the Russian Government.” Four front media organizations associated with Russian intelligence services were identified as disinformation shops: SouthFront, NewsFront, InfoRos, and the Strategic Culture Foundation.