National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), SVR' (Russia's Foreign Intelligence Service) announced that the APT29 hacker group, which is thought to be supporting, frequently exploits five known vulnerabilities.
APT29 known as cyber threat actors named Cozy Bear and The DukesThe vulnerabilities exploited by the hacker group are listed in the CVE data base .
CAND lists here is:
- CVE-2018 -13379: Fortinet FortiGate VPNvulnerability
- CVE-2019 -9670: Synacor Zimbra Collaboration Suitevulnerability
- CVE-2019 -11510: Pulse Secure Pulse Connect Secure VPNvulnerability
- CVE-2019 -19781: Citrix Application Delivery Controller and Gatewayvulnerability
- CVE-2020 -400: VMware Workspace ONE Accessvulnerability
Techniques used by attackers;
- Use publicly available vulnerabilities: Enemies can cause unwanted or unexpected behavior connected from a weakness in a computer or program try to leveragefolds.
- Use external remote servicess: Cyber threat actors outsource to initially access and/or stay within a networkconnected can use remote services. Remote services such as VPNs, Citrix, and other access mechanisms (especially RDP) allow users to access external locations. allows it to connect to internal corporate network resources.
- Users may manipulate products or product delivery mechanisms before they are received by the final consumer for data or system consensus purposes.
- Default using accounts: Competitors can obtain and misuse the credentials of existing accounts as a way to gain access or elevate permissions.
- Cyber threat actors can exploit software vulnerabilities to collect credentials.
- Fake web credentials: Attackerto a valid SAML token-signing certificate
The NSA, CISA and FBI are encouraging them to check their networks for Indicators of Compromise (IOCs) on five vulnerabilities.
Source:
nsa.gov
