Security through data

MAIN

  • Home
  • Alerts
  • Blog
  • Events
  • Incidents
  • Tutorials

FEATURED

  • AI
  • Privacy
  • Cryptocurrency
  • Blockchain
  • IoT
  • Deep Web
  • Threat Actors
  • Social Engineering
  • Phishing
  • Malware
  • E-Commerce
  • Deepfake
  • Quantum Computing

COMPANY

  • About us
  • Advertise
  • Legal & Policy
Cybermaterial
  • CATEGORIES
    • Cyber101
      • Definition
      • Quote
    • Document
      • Cheat Sheet
      • Paper
      • Report
    • Education
      • Certification
      • Course
    • Entertainment
      • Documentary
      • Game
      • Meme
      • Movie
      • TV Show
    • Learning
      • Book
      • Lexicon
      • Podcasts
      • Tutorials
    • Tool
      • Hardware
      • Software
No Result
View All Result
Contact Us
Cybermaterial
  • CATEGORIES
    • Cyber101
      • Definition
      • Quote
    • Document
      • Cheat Sheet
      • Paper
      • Report
    • Education
      • Certification
      • Course
    • Entertainment
      • Documentary
      • Game
      • Meme
      • Movie
      • TV Show
    • Learning
      • Book
      • Lexicon
      • Podcasts
      • Tutorials
    • Tool
      • Hardware
      • Software
No Result
View All Result
Contact Us
Cybermaterial
No Result
View All Result

APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

by CISA and FBI

in Alerts
2 min read
October 10, 2020

Note: the analysis in this joint cybersecurity advisory is ongoing, and the information provided should not be considered comprehensive. The Cybersecurity and Infrastructure Security Agency (CISA) will update this advisory as new information is available.

This joint cybersecurity advisory was written by CISA with contributions from the Federal Bureau of Investigation (FBI).

CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application.

This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial (SLTT) government networks. Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.

CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised. There are steps that election officials, their supporting SLTT IT staff, and vendors can take to help defend against this malicious cyber activity.

Some common tactics, techniques, and procedures used by APT actors include leveraging legacy network access and virtual private network (VPN) vulnerabilities in association with the recent critical CVE-2020-1472 Netlogon vulnerability. CISA is aware of multiple cases where the Fortinet FortiOS Secure Socket Layer (SSL) VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks. To a lesser extent, CISA has also observed threat actors exploiting the MobileIron vulnerability CVE-2020-15505. While these exploits have been observed recently, this activity is ongoing and still unfolding. CISA recommends network staff and administrators review internet-facing infrastructure for vulnerabilities, including Juniper CVE-2020-1631, Pulse Secure CVE-2019-11510,  Citrix NetScaler CVE-2019-19781, and Palo Alto Networks CVE-2020-2021 (this list is not considered exhaustive).

After gaining initial access, the actors exploit CVE-2020-1472 to compromise all Active Directory (AD) identity services. Actors have then been observed using legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to access the environment with the compromised credentials. Observed activity targets multiple sectors, and is not limited to SLTT entities.

DOWNLOAD PDF

Tags: AlertsCISACyber threatFBINetlogonVulnerabilitiesWindows
15
VIEWS

More Alerts

Adobe Releases Security Updates
Alerts

Adobe Releases Security Updates

April 15, 2021
Russian SVR Targets U.S. and Allied Networks – CISA – FBI – NSA
Alerts

Russian SVR Targets U.S. and Allied Networks – CISA – FBI – NSA

April 15, 2021
Google patches vulnerability in Android system – Security Bulletin –  April 2021
Alerts

Google patches vulnerability in Android system – Security Bulletin – April 2021

April 14, 2021

MORE

Quote

“Sysadmins are either your biggest vulnerability or your strongest asset for better security…”

October 23, 2020

Psychology of Passwords

October 23, 2020
Documentary

DOCUMENTARY: Dark Web: Fighting Cybercrime (2021)

February 11, 2021
Definition

Distributed Ledger Technology (DLT)

February 25, 2021
ADVERTISEMENT

Tags

Books Cybersecurity Hackers Malware Memes Movies Quantum Computing Report Software Word of the day

© 2021 | CyberMaterial | All rights reserved.

SECURITY THROUGH DATA

No Result
View All Result
  • Home
  • Alerts
  • Cyber Incidents
  • Blog
  • Events
  • Tutorials
  • Featured
    • AI
    • Privacy
    • Cryptocurrency
    • Blockchain
    • IoT
    • Deep Web
    • Threat Actors
    • Social Engineering
    • Deepfake
    • E-Commerce
    • Malware
    • Phishing
    • Quantum Computing

© 2020 CyberMaterial - Cyber Decoded.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.