
CISA and FBI Observed APT Groups Targeting State Networks Related to US Election Systems

Silviu STAHIE

October 13, 2020


The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an advisory after spotting advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities combined with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon.

Less than a month before the November 3 elections in the United States, the agencies have detected APT actors trying to exploit known vulnerabilities to attack federal and state, local, tribal and territorial (SLTT) government networks. The two agencies stated the attackers chose these targets because of their proximity to election information.

So far, CISA has no evidence that election data integrity has been compromised, but the agency noticed some instances where this activity resulted in unauthorized access to elections support systems.

“CISA is aware of multiple cases where the Fortinet FortiOS Secure Socket Layer (SSL) VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks,” states the advisory. “To a lesser extent, CISA has also observed threat actors exploiting the MobileIron vulnerability CVE-2020-15505. While these exploits have been observed recently, this activity is ongoing and still unfolding.”

These vulnerabilities are useful in conjunction with the recent critical Netlogon vulnerability, tracked as CVE-2020-1472, which attackers use to compromise all Active Directory (AD) identity services. Once AD credentials become available to threat actors, they use legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to access the environments.

The first course of action for any private or state entity is to ensure that all vulnerabilities are patched. Secondly, if security professionals observe any activity related to CVE-2020-1472, they should immediately assume that APT actors have compromised AD administrative accounts and take the appropriate action.

This new campaign is still ongoing and will likely cause problems as long as CVE-2020-1472 remains active in unpatched systems.
