17 April 21, 08:04
Quote:The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies.
According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. Cozy Bear or The Dukes) is conducting “widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access.” The targets include U.S. and allied national-security and government networks, it added.
The five bugs under active attack are known, fixed security holes in platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware (detailed below) that organizations should patch immediately, researchers warned.
“Some of these vulnerabilities also have working Metasploit modules and are currently being widely exploited,” said researchers with Cisco Talos, in a related posting on Thursday. “Please note that some of these vulnerabilities exploit applications leveraging SSL. This means that users should enable SSL decryption…to detect exploitation of these vulnerabilities.”
The NSA has linked APT29 to Russia’s Foreign Intelligence Services (SVR). The news comes as the U.S. formally attributed the recent SolarWinds supply-chain attack to the SVR and issued sanctions on Russia for cyberattacks and what President Biden called out as interference with U.S. elections.
Read more: NSA: 5 Security Bugs Under Active Nation-State Cyberattack | Threatpost