U.S. AGENCIES WARN VS RUSSIAN HACKING OF VULNERABLE SOFTWARE
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned Americans against Russian exploitation of five publicly known cyber vulnerabilities.
In a joint statement released on April 16, 2021, they issued the Cybersecurity Advisory “Russian SVR Targets U.S. and Allied Networks” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of those vulnerabilities.
The advisory was released alongside the US government’s formal attribution of the SolarWinds supply chain compromise and related cyber-espionage campaign.
"We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them," NSA, CISA and FBI declared.
NSA encouraged customers to mitigate against the following publicly known vulnerabilities: CVE-2018-13379 Fortinet FortiGate VPN; CVE-2019-9670 Synacor Zimbra Collaboration Suite; CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN; CVE-2019-19781 Citrix Application Delivery Controller and Gateway, and; CVE-2020-4006 VMware Workspace ONE Access.
Mitigation against these vulnerabilities is critically important as US and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors.
In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA.
This was highlighted in NSA’s Cybersecurity Advisory, “Russian State-Sponsored Actors Exploiting Vulnerability in Workspace ONE Access Using Compromised Credentials,’” the statement stressed.