Security News > 2020 > September > Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

CISA claims the attacks were launched by threat actors affiliated with the Chinese Ministry of State Security.

The threat actors have been spotted successfully exploiting two common vulnerabilities - allowing them to compromise federal government and commercial entities, according to CISA. The first is a vulnerability in F5's Big-IP Traffic Management User Interface, which allows cyber threat actors to execute arbitrary system commands, create or delete files, disable services, and/or execute Java code.

Threat actors were also observed hunting for Citrix VPN Appliances vulnerable to CVE-2019-19781, which is a flaw that enables attackers to execute directory traversal attacks.

News URL

https://threatpost.com/hackers-gov-microsoft-exchange-f5-exploits/159226/