Security News > 2021 > April > NSA: Top 5 vulnerabilities actively abused by Russian govt hackers
A joint advisory from the U.S. National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation warn that the Russian Foreign Intelligence Service is exploiting five vulnerabilities in attacks against U.S. organizations and interests.
In an advisory issued today, the NSA said that it is aware of the Russian SVR using these vulnerabilities against public-facing services to obtain authentication credentials to further compromise the networks of US corporate and government networks.
"The vulnerabilities in today's release are part of the SVR's toolkit to target networks across the government and private sectors," Rob Joyce, NSA Director of Cybersecurity, said in a statement to BleepingComputer.
The U.S. government strongly advises that all admins "Urgently implement associated mitigations" for these vulnerabilities to prevent further attacks by the Russian SVR and other threat actors.
"Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors."
The NSA warned last year that two of these vulnerabilities, CVE-2019-11510 and CVE-2019-19781, are also in the top 25 vulnerabilities utilized by China state-sponsored hackers.
News URL
Related news
- Russian-Linked Hackers Target Eastern European NGOs and Media (source)
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web (source)
- Russian laundering millions for Lazarus hackers arrested in Argentina (source)
- Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors (source)
- Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |
| 2019-05-08 | CVE-2019-11510 | Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0 In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | 10.0 |