FBI: Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities

1
1342

Russian Foreign Intelligence Service exploiting five publicly known vulnerabilities to compromise U.S. and Allied Networks

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities.

This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.

Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA.



This was highlighted in NSA’s Cybersecurity Advisory, “Russian State-Sponsored Actors Exploiting Vulnerability in Workspace ONE Access Using Compromised Credentials.”

NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.

NSA, CISA, and FBI also recognize all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace.

NSA encourages its customers to mitigate against the following publicly known vulnerabilities:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access

For more information, review the advisory or visit NSA.gov/cybersecurity-guidance.

View the infographic on understanding the threat and how to take action.

Telework and Mobile Security Guidance

End User Telework and Network Security Guides

Updated 14 Aug 2020 – Here are a subset of NSA’s cybersecurity products focused on telework and general network security guidance compiled below for ease of access. While all include resources applicable to the general end user, some delve into more technical solutions as well.

To view all of NSA’s published cybersecurity products, go to our Cybersecurity Advisories & Technical Guidance page here.

Telework Best Practices

View Full Report

This joint NSA and Department of Homeland Security Cybersecurity & Infrastructure Security Agency CISA slicksheet was designed during the era of COVID-19 to provide a list of “dos and don’ts” as they relate to telework. Helpful for end users using government-owned or personal devices.

Mobile Device Best Practices

View Full Report

This succinct guidance details steps end users may take to better protect their mobile devices and data.

Selecting and Safely Using Collaboration Services

View Executive Summary | View Full Report

This document provides security assessment guidance about commercially available collaboration services to enable the Department of Defense and other U.S. Government customers to most securely use collaboration platforms who do not have access to a government provided tools, accounts, or equipment.

Best Practices for Securing Your Home Network

View Full Report

Don’t be a victim; cyber criminals may leverage your home network to gain access to personal, private, and confidential information. Help protect yourself and your family by observing some basic guidelines and implementing the following mitigations on your home network.

Keeping Safe on Social Media

View Full Report

This brief guide highlights critical information and countermeasures users may take to help keep themselves and their sensitive data safe while connecting with others on social media.

Limiting Location Data Exposure

View Full Report

Mobile devices expose location data, and there is an associated risk that comes with using them. This report summarizes how and why location data might be shared and provides mitigations to limit this sharing, but warns there is no solution to fully protect a mobile device from being located.

Identity Theft Threat and Mitigations

View Full Report

Criminals can use a multitude of methods to obtain personally identifiable information, which can be used to carry out malicious actions. Personal protection from these actors must be dealt with on all fronts, as a layered approach. The information provided in this document is designed to help individuals protect themselves against identity theft and mitigate the risk.

Steps to Securing Web Browsing

View Full Report

Web browsers pose a unique risk to enterprise infrastructure because of their frequent exposure to untrusted dynamic content. Configuring browser security settings is challenging due to uncertainty of both attack mitigation effectiveness and impact on end users. A key goal of this paper is to avoid impact to users while also mitigating as many attacks as possible.

Mitigating Recent VPN Vulnerabilities

View Full Report

Multiple Nation State Advanced Persistent Threat actors are weaponizing known vulnerabilities to gain access to VPN devices. This document shares actions for compromise recovery and long-term hardening. Helpful for any net defenders or end users responsible for maintaining VPNs.

Securing IPSec Virtual Private Networks (VPNs)

View Full Report

This identifies common VPN misconfigurations and vulnerabilities and an overview of the ways to secure your VPN.

Configuring IPSec Virtual Private Networks (VPNs)

View Full Report

This guidance provides a more in-depth look at how to implement specific configurations for securing and maintaining secure VPN connections.

TENS Virtual Machine Guide

View Full Report

The United States Air Force Trusted End Node Security (TENS) solution allows authorized DoD teleworkers to connect to DoD sites and services from untrusted devices, such as personal computers. This guide provides detailed instructions for configuring a virtual machine to boot TENS until TENS is able to load when a computer uses UEF Secure Boot.

NSA’s Top Ten Cybersecurity Mitigation Strategies

View Summary Report

These strategies detail methods to counter a broad range of advanced cyber threats. The information included will help drive robust conversation about network security and risk management on your organization’s networks and are also helpful for individuals looking to better understand any of these mitigations. The Top 10 are ranked based on threat intelligence findings and cybersecurity expertise for effectiveness against known adversary tactics.

  1. Update and Upgrade Software Immediately
  2. Defend Privileges and Accounts
  3. Enforce Signed Software Execution Policy
  4. Exercise a System Recovery Plan
  5. Actively Manage Systems and Configurations
  6. Continuously Hunt for Network Intrusions
  7. Leverage Modern Hardware Security Features
  8. Segment Networks and Deploy Application Aware Defenses
  9. Integrate Threat Reputation Services
  10. Transition to Multi-Factor Authentication

ATTENTION READERS

We See The World From All Sides and Want YOU To Be Fully Informed
In fact, intentional disinformation is a disgraceful scourge in media today. So to assuage any possible errant incorrect information posted herein, we strongly encourage you to seek corroboration from other non-VT sources before forming an educated opinion.

About VT - Policies & Disclosures - Comment Policy
Due to the nature of uncensored content posted by VT's fully independent international writers, VT cannot guarantee absolute validity. All content is owned by the author exclusively. Expressed opinions are NOT necessarily the views of VT, other authors, affiliates, advertisers, sponsors, partners, or technicians. Some content may be satirical in nature. All images are the full responsibility of the article author and NOT VT.

1 COMMENT

  1. Or, be honest and have nothing to hide. That is what they say right ?

    Having a monopoly on snooping , really doesn’t amount to much unless you also have a monopoly on violence. So, which one would people like to see taken away ? Or maybe both ?
    Paranoia is not hard to turn into an industry. Churches do it, militaries do it, politico’s do it, corporations do it,… maybe just maybe, the market is open for transparency and honesty. Not the lip service, the real stuff. Actual. Tell it like it is. Let your conscience be your guide. You are not smarter than Aaron Neville. The pride is full blown foolish and immature.

Comments are closed.