The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2023-28461 with a CVSS score of 9.8, involves missing authentication, allowing attackers to achieve remote code execution by exploiting a vulnerable URL. Array Networks released a patch for the issue in March 2023 with firmware version 9.4.0.484, but the ongoing exploitation highlights the importance of prompt updates to secure these systems.
Recent reports reveal that the China-linked cyber espionage group Earth Kasha, also known as MirrorFace, has actively exploited this vulnerability. Known for targeting Japanese entities, Earth Kasha has expanded its operations to attack organizations in Taiwan, India, Europe, and other regions. Alongside CVE-2023-28461, the group has leveraged vulnerabilities in other enterprise-facing products like Proself (CVE-2023-45727) and Fortinet FortiOS/FortiProxy (CVE-2023-27997) for initial access. Notably, ESET disclosed an Earth Kasha campaign targeting an unnamed European diplomatic entity to deliver the ANEL backdoor, using the upcoming World Expo 2025 in Osaka, Japan, as a lure.
CISA has set a deadline of December 16, 2024, for Federal Civilian Executive Branch (FCEB) agencies to apply the necessary patches and secure their networks. This urgency reflects broader concerns, as a VulnCheck report indicates that over 440,000 internet-exposed systems remain potentially vulnerable to similar attacks. The report further highlights the abuse of commonly exploited vulnerabilities by at least 15 Chinese hacking groups, underscoring the pervasive threat landscape.
To mitigate risks, organizations are advised to evaluate their exposure to affected technologies, enhance visibility into potential threats, and prioritize robust patch management practices. Additional recommendations include minimizing the internet-facing exposure of vulnerable devices and leveraging comprehensive threat intelligence to stay ahead of evolving attack vectors. With active exploitation in progress, timely action is crucial to safeguard critical infrastructure and enterprise systems.
