Security News > 2023 > March > US federal agency hacked using old Telerik bug to steal data

US federal agency hacked using old Telerik bug to steal data
2023-03-15 16:39

Last year, a U.S. federal agency's Microsoft Internet Information Services web server was hacked by exploiting a critical.

According to a joint advisory issued today by CISA, the FBI, and MS-ISAC, the attackers had access to the server between November 2022 and early January 2023 based on indicators of compromise found on the unnamed federal civilian executive branch agency's network.

At least two threat actors accessed the unpatched server by exploiting this bug to gain remote code execution.

After hacking into the unnamed federal civilian executive branch agency's server, they deployed malicious payloads in the C:WindowsTemp folder to collect and exfiltrate information to attacker-controlled command and control servers.

More information on the malware installed on the hacked Microsoft IIS servers can be found in this malware analysis report also published today by CISA. The CVE-2019-18935 Telerik UI vulnerability was also included in the NSA's top 25 security bugs abused by Chinese hackers and the FBI's list of top targeted vulnerabilities.

Based on the IOCs linked to this breach, the U.S. federal agency failed to secure its Microsoft IIS server until the due date was reached.


News URL

https://www.bleepingcomputer.com/news/security/us-federal-agency-hacked-using-old-telerik-bug-to-steal-data/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-18935 Deserialization of Untrusted Data vulnerability in Telerik UI for Asp.Net Ajax
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function.
network
low complexity
telerik CWE-502
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Telerik 10 0 5 4 8 17