CISA and FBI Observed APT Groups Targeting State Networks Related to US Election Systems

Silviu STAHIE

October 13, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an advisory after spotting advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities combined with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon.

Less than a month before the November 3 elections in the United States, law agencies have detected APT actors trying to exploit known vulnerabilities, attacking federal and state, local, tribal and territorial (SLTT) government networks. The two agencies stated the attackers chose these targets because of their proximity to elections information.

So far, CISA has no evidence that election data integrity has been compromised, but the agency noticed some instances where this activity resulted in unauthorized access to elections support systems.

“CISA is aware of multiple cases where the Fortinet FortiOS Secure Socket Layer (SSL) VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks,” states the advisory. “To a lesser extent, CISA has also observed threat actors exploiting the MobileIron vulnerability CVE-2020-15505. While these exploits have been observed recently, this activity is ongoing and still unfolding.”

These vulnerabilities are useful in conjunction with the recent critical Netlogon vulnerability, tracked as CVE-2020-1472, which attackers use to compromise all Active Directory (AD) identity services. When these credentials become available to threat actors, they use legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to access the environments.

Of course, the first course of action for any private or state entity is to ensure that all vulnerabilities are patched. Secondly, if security professionals observe any activity related to CVE-2020-1472, they should immediately assume that APT actors have compromised AD administrative accounts and take the appropriate action.

This new campaign is still ongoing and will likely cause problems as long as CVE-2020-1472 remains active in unpatched systems.
