US warns of Russian state hackers still targeting US, foreign orgs
2021-04-26 15:16

The FBI, the US Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency warned today of continued attacks coordinated by the Russian Foreign Intelligence Service against US and foreign organizations.

With access to the administrative account, the actors modified permissions of specific e-mail accounts on the network, allowing any authenticated network user to read those accounts.

Leveraging Zero-Day Vulnerability: In a separate incident, SVR actors used CVE-2019-19781, a zero-day exploit at the time, against a virtual private network appliance to obtain network access.

These intrusions, which mostly relied on targeting on-premises network resources, were a departure from historic tradecraft, and likely indicate new ways the actors are evolving in the virtual environment.

Tradecraft Similarities of SolarWinds-enabled Intrusions: During the spring and summer of 2020, using modified SolarWinds network monitoring software as an initial intrusion vector, SVR cyber operators began to expand their access to numerous networks.

Today's security advisory complements a previous one published on April 15th, sharing info on vulnerabilities exploited by the Russian-backed APT29 hacking group to breach national security and government-related networks in the US and worldwide.


News URL

https://www.bleepingcomputer.com/news/security/us-warns-of-russian-state-hackers-still-targeting-us-foreign-orgs/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products (citrix, CWE-22). An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | critical, 9.8 (network, low complexity)