1 min read

CISA and FBI Observed APT Groups Targeting State Networks Related to US Election Systems

Silviu STAHIE

October 13, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
CISA and FBI Observed APT Groups Targeting State Networks Related to US Election Systems

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an advisory after spotting advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities combined with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon.

Less than a month before the November 3 elections in the United States, law agencies have detected APT actors trying to exploit known vulnerabilities, attacking federal and state, local, tribal and territorial (SLTT) government networks. The two agencies stated the attackers chose these targets because of their proximity to elections information.

So far, CISA has no evidence that election data integrity has been compromised, but the agency noticed some instances where this activity resulted in unauthorized access to elections support systems.

“CISA is aware of multiple cases where the Fortinet FortiOS Secure Socket Layer (SSL) VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks,” states the advisory. “To a lesser extent, CISA has also observed threat actors exploiting the MobileIron vulnerability CVE-2020-15505. While these exploits have been observed recently, this activity is ongoing and still unfolding.”

These vulnerabilities are useful in conjunction with the recent critical Netlogon vulnerability, tracked as CVE-2020-1472 , which attackers use to compromise all Active Directory (AD) identity services. When these credentials become available to threat actors, they use legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to access the environments.

Of course, the first course of action for any private or state entity is to ensure that allvulnerabilities are patched. Secondly, if security professionals observe any activity related to CVE-2020-1472, they should immediately assume that APT actors have compromised AD administrative accounts and take the appropriate action.

This new campaign is still ongoing and will likely cause problems as long as CVE-2020-1472 remains active in unpatched systems.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read