Security News > 2021 > April > US warns of Russian state hackers still targeting US, foreign orgs
The FBI, the US Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency warned today of continued attacks coordinated by the Russian Foreign Intelligence Service against US and foreign organizations.
With access to the administrative account, the actors modified permissions of specific e-mail accounts on the network, allowing any authenticated network user to read those accounts.
Leveraging Zero-Day Vulnerability: In a separate incident, SVR actors used CVE-2019-19781, a zero-day exploit at the time, against a virtual private network appliance to obtain network access.
These intrusions, which mostly relied on targeting on-premises network resources, were a departure from historic tradecraft, and likely indicate new ways the actors are evolving in the virtual environment.
Tradecraft Similarities of SolarWinds-enabled Intrusions: During the spring and summer of 2020, using modified SolarWinds network monitoring software as an initial intrusion vector, SVR cyber operators began to expand their access to numerous networks.
Today's security advisory complements a previous one published on April 15th, sharing info on vulnerabilities exploited by the Russian-backed APT29 hacking group to breach national security and government-related networks in the US and worldwide.
News URL
Related news
- Russian ISP confirms Ukrainian hackers "destroyed" its network (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- Treasury hackers also breached US foreign investments review office (source)
- How Russian hackers went after NGOs’ WhatsApp accounts (source)
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks (source)
- Hackers game out infowar against China with the US Navy (source)
- Subaru Starlink flaw let hackers hijack cars in US and Canada (source)
- EU sanctions Russian GRU hackers for cyberattacks against Estonia (source)
- Spain arrests suspected hacker of US and Spanish military agencies (source)
- Suspected NATO, UN, US Army hacker arrested in Spain (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |