Russian Intelligence Actively Exploits Five Known Vulnerabilities, NSA Says
Mitigating Against These Flaws Is Critically Important as the USA and Allied Networks Are Constantly Scanned, Targeted, and Exploited By Russian State-Sponsored Hackers.
Yesterday, the Biden Administration announced a set of measures aimed to impose costs on Russian cyber attackers for election influence operations, for the SolarWinds compromise, and for other cyberespionage incidents.
The NSA, CISA, and the FBI released a joint statement exposing ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities in the SolarWinds Orion software supply chain, the use of WellMess malware against COVID-19 researchers, and network attacks exploiting a VMware vulnerability.
NSA’s Cybersecurity Directorate warned that Russia’s SVR is actively exploiting five known vulnerabilities against the USA and allied networks, including the six European agencies that were reportedly affected by the compromised SolarWinds supply chain:
- CVE-2018-13379 – Fortinet FortiGate VPN
- CVE-2019-9670 – Synacor Zimbra Collaboration Suite
- CVE-2019-11510 – Pulse Secure Pulse Connect Secure VPN
- CVE-2019-19781 – Citrix Application Delivery Controller and Gateway
- CVE-2020-4006 – VMware Workspace ONE Access
Russian Foreign Intelligence Service (SVR) cyber actors are exploiting five publicly known vulnerabilities to target U.S. and allied critical networks. Review our joint #cybersecurity guidance with @CISAgov and @FBI and apply the mitigations to stop them: https://t.co/rEC8AD7WdK pic.twitter.com/qaIpDyMx7y
— NSA Cyber (@NSACyber) April 15, 2021
According to AP News, ten Russian diplomats are being expelled by the US State Department as a result of this activity, and 32 individuals and entities accused of attempting to influence last year’s presidential election, including by spreading disinformation, are being sanctioned.
“We cannot allow a foreign power to interfere in our democratic process with impunity,” President Biden said.
The US Department of the Treasury announced that it was sanctioning “16 entities and 16 individuals who attempted to influence the 2020 U.S. presidential election at the direction of the leadership of the Russian Government.” Four front media organizations associated with Russian intelligence services were identified as disinformation shops: SouthFront, NewsFront, InfoRos, and the Strategic Culture Foundation.
Image Source: U.S. Department of the Treasury
NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.
The agencies also recognize all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace.