The National Security Agency, Cybersecurity and Infrastructure Security Agency, and Federal Bureau of Investigation released a combined cybersecurity advisory titled “Russian SVR Targets U.S. and Allied Networks” today in an effort to bring attention to Russia’s Foreign Intelligence Service (SVR) and its exploitation of publicly known vulnerabilities.
The five vulnerabilities being exploited:
CVE-2018-13379 – Fortinet FortiGate VPN
CVE-2019-9670 – Synacor Zimbra Collaboration Suite
CVE-2019-11510 – Pulse Secure Pulse Connect Secure VPN
CVE-2019-19781 – Citrix Application Delivery Controller and Gateway
CVE-2020-4006 – VMware Workspace ONE Access
These government agencies are publishing these warnings to “highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.”
They also explained that U.S. and allied networks are being constantly scanned, targeted, and exploited by Russian state-sponsored threat actors. Through the VMware vulnerability, threat actors have been targeting networks connected to COVID-19 research facilities.
SpearTip’s cyber experts can assist in mitigating Russian state-sponsored threats through our security operations center. Our engineers remain attentive to the changing circumstances in the threat landscape and can handle the patch management and network security for your organization to relieve the headaches from dealing with intrusions.
Our team will continuously monitor environments 24/7 in our U.S.-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.
If you think your organization has been breached, call our Security Operations Center at 833.997.7327.