Pressure between Russia and the U.S. is increasing because of the nonstop cyberattacks on private and public sector establishments as well as the U.S. government by Russian government hackers. The National Security Agency (NSA), DHS’ Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) published a joint advisory notifying with regards to the persistent Russian Foreign Intelligence Service (SVR) exploitation of software program vulnerabilities.
The cyberattacks have been linked to the Cozy Bear Advanced Persistent Threat (APT) Group – otherwise known as APT29/The Dukes – which works with the SVR. The APT group is carrying out considerable scanning and exploitation of software vulnerabilities in vulnerable systems to obtain access to credentials that permit them to get additional access to devices and networks for surveillance activities. The FBI, CISA and NSA have given facts about five software vulnerabilities that the SVR continue to effectively exploit to acquire access to networks and devices.
The FBI, CISA and NSA have already provided mitigations that could be carried out to secure against these vulnerabilities’ exploitation. Patches are readily available to fix all software vulnerabilities. Though numerous organizations have already applied the patch to the vulnerabilities, they could have actually been exploited and systems compromised. Steps must be undertaken to determine whether systems were breached and if actions were undertaken to minimize the loss of sensitive data that might enable Russia to acquire a tactical or competitive edge.
The SVR hackers commonly exploited the following 5 software vulnerabilities:
1. CVE-2018-13379 is discovered in Fortinet FortiGate VPNs. Unauthenticated attackers could obtain system files using HTTP resource requests. The affected versions include Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7, and 5.4.6 to 5.4.12
2. CVE-2019-9670 is identified in the Synacor Zimbra Collaboration Suite. It is an XML External Entity injection (XXE) vulnerability. The affected versions include 8.7.x before 8.7.11p10.
3. CVE-2019-19781 is identified in Citrix Application Delivery Controller and Gateway Directory. This traversal vulnerability permits an unauthenticated hacker to carry out arbitrary code The affected versions include the Citrix ADC and Gateway versions before 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124 and 10.5.70.12 and SD-WAN WANOP 4000-WO, 4100-WO, 5000-WO, and 5100-WO versions prior to 10.2.6b and 11.0.3b.
4. CVE-2019-11510 is discovered in Pulse Secure VPNs. An unauthenticated remote attacker may send a specially created Uniform Resource Identifier (URI) to execute an arbitrary file read. The affected versions include PCS 8.2 prior to 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 prior to 9.0R3.4.
5. CVE-2020-4006 is discovered in VMware Workspace One Access. This Command injection vulnerability makes it possible for a hacker using a valid password to implement commands with unhindered privileges on the fundamental operating system. The affected versions include the VMware Identity Manager 3.3.1 – 3.3.3 on Linux, VMware One Access 20.01 and 20.10 on Linux, VMware Identity Manager Connector 3.3.1 – 3.3.3 and 19.03, VMware Vrealize Suite Lifecycle Manager 8.x, and VMware Cloud Foundation 4.0 – 4.1.
NSA, FBI and CISA firmly encourage all cybersecurity stakeholders to test their networks for indications of compromise linked to all five vulnerabilities and the tactics specified in the alert and to urgently employ appropriate mitigations,” mentioned in the notification (PDF).
Formalized Linking of SolarWinds Orion Supply Chain Attack
The U.S. government has additionally formally charged the Russian government of planning and performing the huge SolarWinds Orion supply chain attack, which enabled the SVR to acquire access to approximately 18,000 computers all over the world and carry out more substantial attacks on cybersecurity firms in America and its allies Malwarebytes, Mimecast Fireeye – and federal agencies in America. Russia has likewise been officially incriminated for having activities with the motive of disturbing the U.S. presidential election last November 2020.
Sanctions Made on Russia by President Biden
President Biden has passed an executive order stopping property and adding new prohibitions of Russia’s sovereign debt to make it tougher for Russia to raise funds. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has acted against 16 entities and 16 persons for their job in the campaign to have an impact on the 2020 U.S. presidential election, under the order of the Russian authorities.
All property and assets of those entities and people that are governed by U.S. jurisdiction were blocked and the entities and persons were put on OFAC’s SDN list. U.S. individuals were banned from doing ventures with them. Russian Technology firms included in the sanctions comprise Neobit, AST SVA, Pasit, Era Technologies, and Positive Technologies.