Security News > 2023 > March > US federal agency hacked using old Telerik bug to steal data
Last year, a U.S. federal agency's Microsoft Internet Information Services web server was hacked by exploiting a critical.
According to a joint advisory issued today by CISA, the FBI, and MS-ISAC, the attackers had access to the server between November 2022 and early January 2023 based on indicators of compromise found on the unnamed federal civilian executive branch agency's network.
At least two threat actors accessed the unpatched server by exploiting this bug to gain remote code execution.
After hacking into the unnamed federal civilian executive branch agency's server, they deployed malicious payloads in the C:WindowsTemp folder to collect and exfiltrate information to attacker-controlled command and control servers.
More information on the malware installed on the hacked Microsoft IIS servers can be found in this malware analysis report also published today by CISA. The CVE-2019-18935 Telerik UI vulnerability was also included in the NSA's top 25 security bugs abused by Chinese hackers and the FBI's list of top targeted vulnerabilities.
Based on the IOCs linked to this breach, the U.S. federal agency failed to secure its Microsoft IIS server until the due date was reached.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-18935 | Deserialization of Untrusted Data vulnerability in Telerik UI for Asp.Net Ajax Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. | 9.8 |